Fix vsnprintf off-by-one bug

The recent vsnprintf() fix introduced an off-by-one, and it's now
possible to overrun the target buffer by one byte.

The "end" pointer points to past the end of the buffer, so if we
have to truncate the result, it needs to be done through "end[-1]".

[ This is just an alternate and simpler patch to one proposed by Andrew
  and Jeremy, who actually noticed the problem ]

Acked-by: Andrew Morton <akpm@osdl.org>
Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds, 19 years ago
Parent
Current commit
0a6047eef1
1 file changed, 1 insertion and 1 deletion

+ 1 - 1
lib/vsprintf.c

@@ -489,7 +489,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
 		if (str < end)
 		if (str < end)
 			*str = '\0';
 			*str = '\0';
 		else
 		else
-			*end = '\0';
+			end[-1] = '\0';
 	}
 	}
 	/* the trailing null byte doesn't count towards the total */
 	/* the trailing null byte doesn't count towards the total */
 	return str-buf;
 	return str-buf;
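
Review bot: the `end[-1] = '\0';` write in the else branch is only in bounds when the buffer holds at least one byte, and the condition guarding the enclosing block lies outside the visible context. Please confirm that guard excludes a zero-length buffer, since otherwise `end[-1]` lands one byte before `buf`. A short comment on the else branch stating that `end` points one past the buffer would also document the convention that the replaced `*end = '\0';` got wrong. Separately, on this truncation path `str >= end`, so `return str-buf;` reports a length at or beyond the end of the buffer; callers should not use that value as an index into `buf` without checking it against the size they passed in.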