|
commit 36b50ee589a4fda66d222af7de8ad866d30613c7
|
|
Author: Willy Tarreau <w@1wt.eu>
|
|
Date: Fri Mar 29 19:13:23 2019 +0100
|
|
|
|
MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
|
|
|
|
Most modern platforms don't touch the output buffer when the size
|
|
argument is null, but there exist a few old ones (like AIX 5 and
|
|
possibly Tru64) where the output will be dereferenced anyway, probably
|
|
to write the trailing null, crashing the process. memprintf() uses this
|
|
to measure the desired length.
|
|
|
|
There is a very simple workaround to this consisting in passing a pointer
|
|
to a character instead of a NULL pointer. It was confirmed to fix the issue
|
|
on AIX 5.1.
|
|
|
|
(cherry picked from commit e0609f5f49f55b122e7da9bd1d3b1b786366e80c)
|
|
[wt: it likely makes sense to backport this to all supported branches]
|
|
Signed-off-by: Willy Tarreau <w@1wt.eu>
|
|
(cherry picked from commit 1719b6be375bf9478c2cfe78caccd818d37a4d50)
|
|
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
|
|
|
diff --git a/src/standard.c b/src/standard.c
|
|
index 38c4f3f2..69cddcea 100644
|
|
--- a/src/standard.c
|
|
+++ b/src/standard.c
|
|
@@ -3402,12 +3402,14 @@ char *memvprintf(char **out, const char *format, va_list orig_args)
|
|
return NULL;
|
|
|
|
do {
|
|
+ char buf1;
|
|
+
|
|
/* vsnprintf() will return the required length even when the
|
|
* target buffer is NULL. We do this in a loop just in case
|
|
* intermediate evaluations get wrong.
|
|
*/
|
|
va_copy(args, orig_args);
|
|
- needed = vsnprintf(ret, allocated, format, args);
|
|
+ needed = vsnprintf(ret ? ret : &buf1, allocated, format, args);
|
|
va_end(args);
|
|
if (needed < allocated) {
|
|
/* Note: on Solaris 8, the first iteration always
|