Warn loudly if somebody passes a negative value as

the size to "vsnprintf()". That's a pretty clear case of overflow.

Warn loudly if somebody passes a negative value as
the size to "vsnprintf()". That's a pretty clear case of overflow.
8eb73664 · Linus Torvalds · 236d2f49 · 8eb73664
Commit 8eb73664 authored Feb 02, 2004 by Linus Torvalds
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

lib/vsprintf.c lib/vsprintf.c +10 -1

No files found.
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -254,6 +254,15 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
 				/* 'z' support added 23/7/1999 S.H.    */
 				/* 'z' changed to 'Z' --davidm 1/25/99 */

+	/* Reject out-of-range values early */
+	if (unlikely((int) size < 0)) {
+		/* There can be only one.. */
+		static int warn = 1;
+		WARN_ON(warn);
+		warn = 0;
+		return 0;
+	}
+
 	str = buf;
 	end = buf + size - 1;

@@ -498,7 +507,7 @@ EXPORT_SYMBOL(snprintf);
 */
 int vsprintf(char *buf, const char *fmt, va_list args)
 {
-	return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args);
+	return vsnprintf(buf, (~0U)>>1, fmt, args);
 }

 EXPORT_SYMBOL(vsprintf);