MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf() Most modern platforms don't touch the output buffer when the size argument is null, but there exist a few old ones (like AIX 5 and possibly Tru64) where the output will be dereferenced anyway, probably to write the trailing null, crashing the process. memprintf() uses this to measure the desired length. There is a very simple workaround to this consisting in passing a pointer to a character instead of a NULL pointer. It was confirmed to fix the issue on AIX 5.1.

commit: e0609f5f49f55b122e7da9bd1d3b1b786366e80c [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Fri Mar 29 19:13:23 2019 +0100
committer: Willy Tarreau <w@1wt.eu> Fri Mar 29 21:03:39 2019 +0100
tree: 849ea0938d0db68d22f70e2ab3aac2d81005bc04
parent: 2231b638877aff9fc215377f9d6952630fb31d3c [diff] [blame]
diff --git a/src/standard.c b/src/standard.c
index 03072b9..09bc155 100644
--- a/src/standard.c
+++ b/src/standard.c

@@ -3577,12 +3577,14 @@
 		return NULL;
 
 	do {
+		char buf1;
+
 		/* vsnprintf() will return the required length even when the
 		 * target buffer is NULL. We do this in a loop just in case
 		 * intermediate evaluations get wrong.
 		 */
 		va_copy(args, orig_args);
-		needed = vsnprintf(ret, allocated, format, args);
+		needed = vsnprintf(ret ? ret : &buf1, allocated, format, args);
 		va_end(args);
 		if (needed < allocated) {
 			/* Note: on Solaris 8, the first iteration always
commit	e0609f5f49f55b122e7da9bd1d3b1b786366e80c	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Fri Mar 29 19:13:23 2019 +0100
committer	Willy Tarreau <w@1wt.eu>	Fri Mar 29 21:03:39 2019 +0100
tree	849ea0938d0db68d22f70e2ab3aac2d81005bc04
parent	2231b638877aff9fc215377f9d6952630fb31d3c [diff] [blame]