diff options
| author | nicm <nicm> | 2014-04-11 19:35:54 +0000 |
|---|---|---|
| committer | nicm <nicm> | 2014-04-11 19:35:54 +0000 |
| commit | b8bda67f304b7c70dee891b7ca660036793c2a4b (patch) | |
| tree | dded327c5a855dddbbdddf68220868207dca3b10 /arguments.c | |
| parent | 73c5a487c1b0f10bbc36479f425fb9cea512be7b (diff) | |
| download | rtmux-b8bda67f304b7c70dee891b7ca660036793c2a4b.tar.gz rtmux-b8bda67f304b7c70dee891b7ca660036793c2a4b.tar.bz2 rtmux-b8bda67f304b7c70dee891b7ca660036793c2a4b.zip | |
Don't blindly increase offsets by the return value of snprintf, if there
wasn't enough space this will go off the end. Instead clamp to the
available space. Fixes crash reported by Julien Rebetez.
Diffstat (limited to 'arguments.c')
| -rw-r--r-- | arguments.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/arguments.c b/arguments.c index 5ff7ed2c..ca6cc760 100644 --- a/arguments.c +++ b/arguments.c @@ -125,7 +125,7 @@ args_free(struct args *args) size_t args_print(struct args *args, char *buf, size_t len) { - size_t off; + size_t off, used; int i; const char *quotes; struct args_entry *entry; @@ -165,9 +165,12 @@ args_print(struct args *args, char *buf, size_t len) quotes = "\""; else quotes = ""; - off += xsnprintf(buf + off, len - off, "%s-%c %s%s%s", + used = xsnprintf(buf + off, len - off, "%s-%c %s%s%s", off != 0 ? " " : "", entry->flag, quotes, entry->value, quotes); + if (used > len - off) + used = len - off; + off += used; } /* And finally the argument vector. */ @@ -181,8 +184,11 @@ args_print(struct args *args, char *buf, size_t len) quotes = "\""; else quotes = ""; - off += xsnprintf(buf + off, len - off, "%s%s%s%s", + used = xsnprintf(buf + off, len - off, "%s%s%s%s", off != 0 ? " " : "", quotes, args->argv[i], quotes); + if (used > len - off) + used = len - off; + off += used; } return (off); |