lib/vsnprintf.c: correct boundary conditions

Correct the boundary conditions in lib/vsnprintf.c; as it was we could have an undetected one-byte overwrite.
author: H. Peter Anvin <hpa@zytor.com> 2007-09-28 12:01:55 -0700
committer: H. Peter Anvin <hpa@zytor.com> 2007-09-28 12:01:55 -0700
commit: 43827654ac5cef5ce37a1faaaf86103fa51d1ea8 (patch)
tree: 3d1376703785b116851aef4cfc2cb6f544b60ade
parent: 304b60556397464143c6fc24edb856b03fc9781a (diff)
download: nasm-43827654ac5cef5ce37a1faaaf86103fa51d1ea8.tar.gz
nasm-43827654ac5cef5ce37a1faaaf86103fa51d1ea8.tar.bz2
nasm-43827654ac5cef5ce37a1faaaf86103fa51d1ea8.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/vsnprintf.c b/lib/vsnprintf.c
index b2b19d9..2c9399a 100644
--- a/lib/vsnprintf.c
+++ b/lib/vsnprintf.c
@@ -30,17 +30,17 @@ int vsnprintf(char *str, size_t size, const char *format, va_list ap)
     }
 
     rv = vsprintf(snprintf_buffer, format, ap);
-    if (rv > BUFFER_SIZE) {
+    if (rv >= BUFFER_SIZE) {
 	nasm_malloc_error(ERR_PANIC|ERR_NOFILE,
 			  "snprintf buffer overflow");
     }
 
-    if (rv < (int)size-1)
-	bytes = rv;
-    else
-	bytes = size-1;
-
     if (size > 0) {
+	if ((size_t)rv < size-1)
+	    bytes = rv;
+	else
+	    bytes = size-1;
+
 	memcpy(str, snprintf_buffer, bytes);
 	str[bytes] = '\0';
     }
author	H. Peter Anvin <hpa@zytor.com>	2007-09-28 12:01:55 -0700
committer	H. Peter Anvin <hpa@zytor.com>	2007-09-28 12:01:55 -0700
commit	43827654ac5cef5ce37a1faaaf86103fa51d1ea8 (patch)
tree	3d1376703785b116851aef4cfc2cb6f544b60ade
parent	304b60556397464143c6fc24edb856b03fc9781a (diff)
download	nasm-43827654ac5cef5ce37a1faaaf86103fa51d1ea8.tar.gz nasm-43827654ac5cef5ce37a1faaaf86103fa51d1ea8.tar.bz2 nasm-43827654ac5cef5ce37a1faaaf86103fa51d1ea8.zip