When size is 1 should just null terminate the string. The dummy variable

is made an array of two, to explicitly avoid stack corruption due to null-terminating (which is doesn't actually happen due to stack alignment padding). Submitted by: Ed Moy <emoy@apple.com> Obtained from: Apple Computer, Inc.
author: jkh <jkh@FreeBSD.org> 2003-07-02 07:08:44 +0000
committer: jkh <jkh@FreeBSD.org> 2003-07-02 07:08:44 +0000
commit: 6703655ca05ac09ab345820e4f3ccc52bc56af2f (patch)
tree: eab400f0eb82eaf7d37d3fbfda23e1e93ae556e9 /lib
parent: 31f6d3ff92de773057286bc54965b8528af415ae (diff)
download: FreeBSD-src-6703655ca05ac09ab345820e4f3ccc52bc56af2f.zip
FreeBSD-src-6703655ca05ac09ab345820e4f3ccc52bc56af2f.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libc/stdio/vsnprintf.c b/lib/libc/stdio/vsnprintf.c
index 6479807..16d46ee 100644
--- a/lib/libc/stdio/vsnprintf.c
+++ b/lib/libc/stdio/vsnprintf.c
@@ -50,7 +50,7 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 {
 	size_t on;
 	int ret;
-	char dummy;
+	char dummy[2];
 	FILE f;
 	struct __sFILEX ext;
 
@@ -61,8 +61,10 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 		n = INT_MAX;
 	/* Stdio internals do not deal correctly with zero length buffer */
 	if (n == 0) {
-                str = &dummy;
-                n = 1;
+		if (on > 0)
+	  		*str = '\0';
+		str = dummy;
+		n = 1;
 	}
 	f._file = -1;
 	f._flags = __SWR | __SSTR;
author	jkh <jkh@FreeBSD.org>	2003-07-02 07:08:44 +0000
committer	jkh <jkh@FreeBSD.org>	2003-07-02 07:08:44 +0000
commit	6703655ca05ac09ab345820e4f3ccc52bc56af2f (patch)
tree	eab400f0eb82eaf7d37d3fbfda23e1e93ae556e9 /lib
parent	31f6d3ff92de773057286bc54965b8528af415ae (diff)
download	FreeBSD-src-6703655ca05ac09ab345820e4f3ccc52bc56af2f.zip FreeBSD-src-6703655ca05ac09ab345820e4f3ccc52bc56af2f.tar.gz