Check the return value of *snprintf for C99 style overflow reporting.

2001-12-26 19:48:15 +00:00 · 2001-12-26 19:48:15 +00:00 · 1b3c04d2c1
parent 096524c5bf
commit 1b3c04d2c1
4 changed files with 14 additions and 7 deletions
--- a/dlls/kernel/format_msg.c
+++ b/dlls/kernel/format_msg.c
@ -265,6 +265,7 @@ DWORD WINAPI FormatMessageA(
                            strcpy( fmtstr, "%s" );
                        }
                        if (args) {
+			    int ret;
                            int sz;
                            LPSTR b;

@ -282,8 +283,9 @@ DWORD WINAPI FormatMessageA(
                                b = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sz = 100);
                                /* CMF - This makes a BIG assumption about va_list */
                                TRACE("A BIG assumption\n");
-                                while (vsnprintf(b, sz, fmtstr, (va_list) argliststart) < 0) {
-                                    b = HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, b, sz += 100);
+                                while ((ret = vsnprintf(b, sz, fmtstr, (va_list) argliststart) < 0) || (ret >= sz)) {
+				    sz = (ret == -1 ? sz + 100 : ret + 1);
+                                    b = HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, b, sz);
                                }
                            }
                            for (x=b; *x; x++) ADD_TO_T(*x);
--- a/dlls/user/lstr.c
+++ b/dlls/user/lstr.c
@ -683,14 +683,16 @@ DWORD WINAPI FormatMessage16(
                        strcpy( fmtstr, "%s" );
                    }
 		    if (args) {
+			int	ret;
 		        int	sz;
 			LPSTR	b = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sz = 100);
 			
 			argliststart=args+insertnr-1;
 		       
 			/* CMF - This makes a BIG assumption about va_list */
-			while (vsnprintf(b, sz, fmtstr, (va_list) argliststart) < 0) {
-			    b = HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, b, sz += 100);
+			while ((ret = vsnprintf(b, sz, fmtstr, (va_list) argliststart) < 0) || (ret >= sz)) {
+			    sz = (ret == -1 ? sz + 100 : ret + 1);
+			    b = HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, b, sz);
 			}
 			for (x=b; *x; x++) ADD_TO_T(*x);
 		    } else {
--- a/programs/wineconsole/wineconsole.c
+++ b/programs/wineconsole/wineconsole.c
@ -22,7 +22,7 @@ void      XTracer(int level, const char* format, ...)
    len = vsnprintf(buf, sizeof(buf), format, valist);
    va_end(valist);
 
-    if (len <= -1) 
+    if ((len <= -1) || (len >= sizeof(buf)))
    {
        len = sizeof(buf) - 1;
        buf[len] = 0;
--- a/win32/console.c
+++ b/win32/console.c
@ -62,6 +62,7 @@ BOOL WINAPI FreeConsole(VOID)
 static	BOOL	start_console_renderer(void)
 {
    char		buffer[256];
+    int			ret;
    STARTUPINFOA	si;
    PROCESS_INFORMATION	pi;
    HANDLE		hEvent = 0;
@ -85,14 +86,16 @@ static	BOOL	start_console_renderer(void)
    /* first try environment variable */
    if ((p = getenv("WINECONSOLE")) != NULL)
    {
-	if (snprintf(buffer, sizeof(buffer), "%s -- --use-event=%d", p, hEvent) > 0 &&
+	ret = snprintf(buffer, sizeof(buffer), "%s -- --use-event=%d", p, hEvent);
+	if ((ret > -1) && (ret < sizeof(buffer)) &&
 	    CreateProcessA(NULL, buffer, NULL, NULL, TRUE, DETACHED_PROCESS, NULL, NULL, &si, &pi))
 	    goto succeed;
 	ERR("Couldn't launch Wine console from WINECONSOLE env var... trying default access\n");
    }

    /* then the regular installation dir */
-    if (snprintf(buffer, sizeof(buffer), "%s -- --use-event=%d", BINDIR "/wineconsole", hEvent) > 0 &&
+    ret = snprintf(buffer, sizeof(buffer), "%s -- --use-event=%d", BINDIR "/wineconsole", hEvent);
+    if ((ret > -1) && (ret < sizeof(buffer)) &&
 	CreateProcessA(NULL, buffer, NULL, NULL, TRUE, DETACHED_PROCESS, NULL, NULL, &si, &pi))
 	goto succeed;