Fix vsnprintf(3) memory leak for size == 0.

PR: bin/36175 Obtained from: OpenBSD Reviewed by: silence on -audit MFC after: 5 days
author: maxim <maxim@FreeBSD.org> 2002-09-17 11:28:24 +0000
committer: maxim <maxim@FreeBSD.org> 2002-09-17 11:28:24 +0000
commit: af06b6a609daa38ec0469fedcb7d1b8e37d59a0b (patch)
tree: ced1886211738253e800da524c617f1ccdcad41b /lib/libc/stdio/vsnprintf.c
parent: a841b9cf18337bfb92809c1549245fe8ff63ce31 (diff)
download: FreeBSD-src-af06b6a609daa38ec0469fedcb7d1b8e37d59a0b.zip
FreeBSD-src-af06b6a609daa38ec0469fedcb7d1b8e37d59a0b.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/libc/stdio/vsnprintf.c b/lib/libc/stdio/vsnprintf.c
index ecbce5a..6479807 100644
--- a/lib/libc/stdio/vsnprintf.c
+++ b/lib/libc/stdio/vsnprintf.c
@@ -50,6 +50,7 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 {
 	size_t on;
 	int ret;
+	char dummy;
 	FILE f;
 	struct __sFILEX ext;
 
@@ -58,6 +59,11 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 		n--;
 	if (n > INT_MAX)
 		n = INT_MAX;
+	/* Stdio internals do not deal correctly with zero length buffer */
+	if (n == 0) {
+                str = &dummy;
+                n = 1;
+	}
 	f._file = -1;
 	f._flags = __SWR | __SSTR;
 	f._bf._base = f._p = (unsigned char *)str;
author	maxim <maxim@FreeBSD.org>	2002-09-17 11:28:24 +0000
committer	maxim <maxim@FreeBSD.org>	2002-09-17 11:28:24 +0000
commit	af06b6a609daa38ec0469fedcb7d1b8e37d59a0b (patch)
tree	ced1886211738253e800da524c617f1ccdcad41b /lib/libc/stdio/vsnprintf.c
parent	a841b9cf18337bfb92809c1549245fe8ff63ce31 (diff)
download	FreeBSD-src-af06b6a609daa38ec0469fedcb7d1b8e37d59a0b.zip FreeBSD-src-af06b6a609daa38ec0469fedcb7d1b8e37d59a0b.tar.gz