You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

42 lines
1.7 KiB

commit 36b50ee589a4fda66d222af7de8ad866d30613c7
Author: Willy Tarreau <w@1wt.eu>
Date: Fri Mar 29 19:13:23 2019 +0100
MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
Most modern platforms don't touch the output buffer when the size
argument is null, but there exist a few old ones (like AIX 5 and
possibly Tru64) where the output will be dereferenced anyway, probably
to write the trailing null, crashing the process. memprintf() uses this
to measure the desired length.
There is a very simple workaround to this consisting in passing a pointer
to a character instead of a NULL pointer. It was confirmed to fix the issue
on AIX 5.1.
(cherry picked from commit e0609f5f49f55b122e7da9bd1d3b1b786366e80c)
[wt: it likely makes sense to backport this to all supported branches]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 1719b6be375bf9478c2cfe78caccd818d37a4d50)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/standard.c b/src/standard.c
index 38c4f3f2..69cddcea 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -3402,12 +3402,14 @@ char *memvprintf(char **out, const char *format, va_list orig_args)
return NULL;
do {
+ char buf1;
+
/* vsnprintf() will return the required length even when the
* target buffer is NULL. We do this in a loop just in case
* intermediate evaluations get wrong.
*/
va_copy(args, orig_args);
- needed = vsnprintf(ret, allocated, format, args);
+ needed = vsnprintf(ret ? ret : &buf1, allocated, format, args);
va_end(args);
if (needed < allocated) {
/* Note: on Solaris 8, the first iteration always