nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Fix buffer management in strbuf_catfv.

Browse Source 
Thanks to Tim Kosse for pointing out that I had _completely_ cocked up
all the code that was supposed to enlarge the buffer in the strbuf
structure, by failing to pass in 'oldsize' to the innermost
dupvprintf_inner function by reference, so that the size was never
updated.

Fortunately, this whole mechanism was something I dashed off for the
purposes of buildinfo(), which means it's only ever used to glue
together a fixed number of compile-time string constants, for which
there turns out to be plenty to spare in the standard 512 bytes
allocated to a new strbuf. So it's at least not dangerous, though it
clearly needs to be fixed before I make the mistake of using
strbuf_catf[v] for anything else!
This commit is contained in:
Simon Tatham 2017-02-20 20:30:14 +00:00
parent bd65d47792
commit 7705fc4470
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
misc.c
View File

@ -394,15 +394,19 @@ int toint(unsigned u)
* directive we don't know about, we should panic and die rather * directive we don't know about, we should panic and die rather
* than run any risk. * than run any risk.
*/ */
static char *dupvprintf_inner(char *buf, int oldlen, int oldsize, static char *dupvprintf_inner(char *buf, int oldlen, int *oldsize,
const char *fmt, va_list ap) const char *fmt, va_list ap)
{ {
int len, size; int len, size, newsize;
size = oldsize - oldlen; assert(*oldsize >= oldlen);
size = *oldsize - oldlen;
if (size == 0) { if (size == 0) {
size = 512; size = 512;
buf = sresize(buf, oldlen + size, char); newsize = oldlen + size;
buf = sresize(buf, newsize, char);
} else {
newsize = *oldsize;
} }
while (1) { while (1) {
@ -430,6 +434,7 @@ static char *dupvprintf_inner(char *buf, int oldlen, int oldsize,
if (len >= 0 && len < size) { if (len >= 0 && len < size) {
/* This is the C99-specified criterion for snprintf to have /* This is the C99-specified criterion for snprintf to have
* been completely successful. */ * been completely successful. */
*oldsize = newsize;
return buf; return buf;
} else if (len > 0) { } else if (len > 0) {
/* This is the C99 error condition: the returned length is /* This is the C99 error condition: the returned length is
@ -440,13 +445,15 @@ static char *dupvprintf_inner(char *buf, int oldlen, int oldsize,
* buffer wasn't big enough, so we enlarge it a bit and hope. */ * buffer wasn't big enough, so we enlarge it a bit and hope. */
size += 512; size += 512;
} }
buf = sresize(buf, oldlen + size, char); newsize = oldlen + size;
buf = sresize(buf, newsize, char);
} }
} }
char *dupvprintf(const char *fmt, va_list ap) char *dupvprintf(const char *fmt, va_list ap)
{ {
return dupvprintf_inner(NULL, 0, 0, fmt, ap); int size = 0;
return dupvprintf_inner(NULL, 0, &size, fmt, ap);
} }
char *dupprintf(const char *fmt, ...) char *dupprintf(const char *fmt, ...)
{ {
@ -488,7 +495,7 @@ char *strbuf_to_str(strbuf *buf)
} }
void strbuf_catfv(strbuf *buf, const char *fmt, va_list ap) void strbuf_catfv(strbuf *buf, const char *fmt, va_list ap)
{ {
buf->s = dupvprintf_inner(buf->s, buf->len, buf->size, fmt, ap); buf->s = dupvprintf_inner(buf->s, buf->len, &buf->size, fmt, ap);
buf->len += strlen(buf->s + buf->len); buf->len += strlen(buf->s + buf->len);
} }
void strbuf_catf(strbuf *buf, const char *fmt, ...) void strbuf_catf(strbuf *buf, const char *fmt, ...)