Fix endless loop when the given allocated size was > INT_MAX.

diff --git a/ChangeLog b/ChangeLog
index 42690fc14a565410bdb940b2881dc2e19ec9b4fb..4e472c2bec48bf98b89dfc2e1d57eb63f3ff1ce8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2007-03-17  Bruno Haible  <bruno@clisp.org>
+
+       Fix endless loop when the given allocated size was > INT_MAX.
+       * lib/vasnprintf.c (EOVERFLOW): New fallback definition.
+       (VASNPRINTF): Fail with EOVERFLOW when the given allocated size is
+       larger than INT_MAX, or when it grow to a value larger than INT_MAX.
+       * lib/vsprintf.c (vsprintf): Don't pass a size > INT_MAX to vasnprintf.
+       * lib/sprintf.c (sprintf): Likewise.
+
 2007-03-17  Bruno Haible  <bruno@clisp.org>
 
        * tests/test-argp-2.sh (func_compare): Output a context diff.

diff --git a/lib/sprintf.c b/lib/sprintf.c
index ee716895d3b45a22db1fb613eed0399e658e5e0f..ab14107da6f14c32780a7dd571eb14c73b16b2d3 100644 (file)
--- a/lib/sprintf.c
+++ b/lib/sprintf.c
@@ -46,7 +46,9 @@ sprintf (char *str, const char *format, ...)
 {
   char *output;
   size_t len;
-  size_t lenbuf = SIZE_MAX;
+  /* vasnprintf fails with EOVERFLOW when the buffer size argument is larger
+     than INT_MAX (if that fits into a 'size_t' at all).  */
+  size_t lenbuf = (SIZE_MAX < INT_MAX ? SIZE_MAX : INT_MAX);
   va_list args;
 
   va_start (args, format);

diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index b13dbd5ee1e8af264b05b57b2b0e4db6d7f5ab0b..8d0f516768b5dfbc22dbfaa01141af8bac3df65d 100644 (file)
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -59,6 +59,11 @@
 # endif
 #endif
 
+/* Some systems, like OSF/1 4.0 and Woe32, don't have EOVERFLOW.  */
+#ifndef EOVERFLOW
+# define EOVERFLOW E2BIG
+#endif
+
 #if HAVE_WCHAR_T
 # if HAVE_WCSLEN
 #  define local_wcslen wcslen
@@ -179,6 +184,10 @@ VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list ar
       {
        result = resultbuf;
        allocated = *lengthp;
+       /* POSIX says that snprintf() fails with EOVERFLOW when the specified
+          buffer size is larger than INT_MAX.  Let's do the same here.  */
+       if (allocated > INT_MAX)
+         goto overflow;
       }
     else
       {
@@ -1107,6 +1116,9 @@ VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list ar
                    retcount = 0;
 
 #if USE_SNPRINTF
+                   /* SNPRINTF can fail if maxlen > INT_MAX.  */
+                   if (maxlen > INT_MAX)
+                     goto overflow;
 # define SNPRINTF_BUF(arg) \
                    switch (prefix_count)                                   \
                      {                                                     \
@@ -1382,6 +1394,15 @@ VASNPRINTF (CHAR_T *resultbuf, size_t *lengthp, const CHAR_T *format, va_list ar
        not have this limitation.  */
     return result;
 
+  overflow:
+    if (!(result == resultbuf || result == NULL))
+      free (result);
+    if (buf_malloced != NULL)
+      free (buf_malloced);
+    CLEANUP ();
+    errno = EOVERFLOW;
+    return NULL;
+
   out_of_memory:
     if (!(result == resultbuf || result == NULL))
       free (result);

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index d25c4a65f9d160acbdf6ce76d464a601d3768eb3..a9d840d9c885547bcc76ea4594db562955520b68 100644 (file)
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -46,7 +46,9 @@ vsprintf (char *str, const char *format, va_list args)
 {
   char *output;
   size_t len;
-  size_t lenbuf = SIZE_MAX;
+  /* vasnprintf fails with EOVERFLOW when the buffer size argument is larger
+     than INT_MAX (if that fits into a 'size_t' at all).  */
+  size_t lenbuf = (SIZE_MAX < INT_MAX ? SIZE_MAX : INT_MAX);
 
   output = vasnprintf (str, &lenbuf, format, args);
   len = lenbuf;