On Thu, Feb 18, 2016 at 08:18:33PM +0100, Stéphane Aulery wrote:
> On 17/02/2016 22:13, walter harms wrote:
> > > 
> > > Jakub Wilk reported a possible integer overflow in make_message example :
> > > 
> > > > The example in the printf(3) manpages looks like this (with boring parts
> > > > omitted):
> > > > [...]
> > 
> > the bug is real, the type of size should be size_t (in my original post it 
> > was int)
> > That would make the error check useless, so we would need to store
> > the vsnprintf return value in an int.
> > 
> > The problem is that the idea was to have a simple example and cluttering
> > it with error checks will make it hard to read. How many people would
> > notice that size_t is unsigned and n is signed? (I added a comment).
> > [...]
> [...]
> So I will do a patch with your new corrected version that is very readable.

JFTR, that example was then changed significantly upstream between 3.82
and 4.04 (the latter being the first version that entered Debian after
3.74), saw a minor update in 4.10, and was adjusted again in 5.07 with
then "size" being of type "size_t". (With some non-code changes
sprinkled in between.)

Upstream 5.13 now lists

| To allocate a sufficiently large string and print into it (code correct
| for both glibc 2.0 and glibc 2.1):
|
| #include <stdio.h>
| #include <stdlib.h>
| #include <stdarg.h>
|
| char *
| make_message(const char *fmt, ...)
| {
|     int n = 0;
|     size_t size = 0;
|     char *p = NULL;
|     va_list ap;
|
|     /* Determine required size. */
|
|     va_start(ap, fmt);
|     n = vsnprintf(p, size, fmt, ap);
|     va_end(ap);
|
|     if (n < 0)
|         return NULL;
|
|     size = (size_t) n + 1;      /* One extra byte for '\0' */
|     p = malloc(size);
|     if (p == NULL)
|         return NULL;
|
|     va_start(ap, fmt);
|     n = vsnprintf(p, size, fmt, ap);
|     va_end(ap);
|
|     if (n < 0) {
|         free(p);
|         return NULL;
|     }
|
|     return p;
| }

which is an extension of what walter harms proposed in
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794947#28>.

As such I think this bug here could just be closed.

Cheers,
Flo
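
The signed/unsigned point raised in the quoted exchange, as an added
example (mine, not the man page's own code and not part of this bug
report): make_message_checked() keeps the vsnprintf return value in an
int so the n < 0 check stays meaningful and only widens to size_t after
that check, while wrapped_alloc_size() shows what happens if a negative
vsnprintf result is stored straight into a size_t and used for the
allocation. Both function names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: the sizing-pass pattern with the error check done
   on the int return value before it is widened to size_t. */
char *make_message_checked(const char *fmt, ...)
{
    va_list ap;
    int n;          /* vsnprintf result: may be negative, so must be signed */
    size_t size;    /* allocation size: only assigned once n is known >= 0 */
    char *p;

    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);    /* sizing pass, writes nothing */
    va_end(ap);
    if (n < 0)
        return NULL;                    /* format or encoding error */

    size = (size_t) n + 1;              /* +1 for the terminating '\0' */
    p = malloc(size);
    if (p == NULL)
        return NULL;

    va_start(ap, fmt);
    n = vsnprintf(p, size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t) n >= size) {  /* second pass must agree with first */
        free(p);
        return NULL;
    }
    return p;
}

/* Hypothetical demonstration of the trap: storing a negative vsnprintf
   result in a size_t loses the sign, so a later "< 0" check can never
   fire, and (size_t)-1 + 1 wraps around to an allocation size of 0. */
size_t wrapped_alloc_size(int simulated_vsnprintf_return)
{
    size_t size = (size_t) simulated_vsnprintf_return;  /* -1 becomes SIZE_MAX */
    return size + 1;                                    /* SIZE_MAX + 1 == 0 */
}

int main(void)
{
    char *m = make_message_checked("%s-%d", "abc", 42);
    if (m != NULL) {
        printf("%s\n", m);
        free(m);
    }
    printf("alloc size from a -1 result stored in size_t: %zu\n",
           wrapped_alloc_size(-1));
    return 0;
}
```

The defensive second check ((size_t) n >= size) is not strictly needed
when both passes see the same arguments, but it costs nothing and turns
any mismatch into a clean failure instead of relying on the truncated
buffer.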
