[MEDIUM] ensure we never overflow in chunk_printf()
The result of the vsnprintf() called in chunk_printf() must be checked,
and should be added only if lower than the requested size. We simply
return zero if we cannot write the chunk.
diff --git a/src/buffers.c b/src/buffers.c
index 658539c..8b2c4d3 100644
--- a/src/buffers.c
+++ b/src/buffers.c
@@ -193,9 +193,15 @@
int chunk_printf(struct chunk *chk, int size, const char *fmt, ...)
{
va_list argp;
+ int ret;
va_start(argp, fmt);
- chk->len += vsnprintf(chk->str + chk->len, size - chk->len, fmt, argp);
+ ret = vsnprintf(chk->str + chk->len, size - chk->len, fmt, argp);
+ if (ret >= size - chk->len)
+ /* do not copy anything in case of truncation */
+ chk->str[chk->len] = 0;
+ else
+ chk->len += ret;
va_end(argp);
return chk->len;
}
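Review bot: The truncation check `if (ret >= size - chk->len)` misses two cases: a negative `ret` (vsnprintf() error) falls into the `else` branch and shrinks `chk->len`, and if `chk->len` is already greater than `size`, the negative difference is converted to a very large `size_t` bound on the vsnprintf() call itself. When `chk->len == size`, nothing is written, but the truncation branch then stores the terminator at `chk->str[size]`, which is one past the end if the buffer holds `size` bytes (the allocation is not visible in this hunk). A guard before `va_start()` such as `if (chk->len < 0 || chk->len >= size) return 0;` together with `if (ret < 0 || ret >= size - chk->len)` would cover both. Separately, the description says zero is returned when the chunk cannot be written, but this path still returns the unchanged `chk->len`, so callers cannot tell truncation from success unless the chunk was empty; either return 0 there or document the actual contract in a comment above the function.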