From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 12349 invoked from network); 8 Feb 2022 11:37:45 -0000 Received: from lists.zx2c4.com (165.227.139.114) by inbox.vuxu.org with ESMTPUTF8; 8 Feb 2022 11:37:45 -0000 Received: by lists.zx2c4.com (OpenSMTPD) with ESMTP id f08b0619; Tue, 8 Feb 2022 11:37:32 +0000 (UTC) Return-Path: Received: from mout-y-111.mailbox.org (mout-y-111.mailbox.org [2001:67c:2050:1::465:111]) by lists.zx2c4.com (OpenSMTPD) with ESMTPS id 2d384e54 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Tue, 8 Feb 2022 11:37:31 +0000 (UTC) Received: from smtp102.mailbox.org (unknown [91.198.250.119]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-y-111.mailbox.org (Postfix) with ESMTPS id 4JtLbH2qpfz9sGs for ; Tue, 8 Feb 2022 12:37:31 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1644320251; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=ZDWYoQLG7BWpQuzak1bNBE6Yrl8EOJrXeuGuUdueWkk=; b=ikXfurkvKh93iVojLfPcVGuv+MCJ5vTgZeK5Unxt7w7ZCam61lepPsAP7A7VoVQ4nne+GG IsRRik7JSj502fkhZVvlF+0ShG8Id/6jJytfcEjxRRtIC0nh/F9yqbLyK18C7uCWTR5gUU GtsuY7ZXj9CbZCjdWU3JDv+x7h4XBcJskuzlVhx1KDvZozmVm1BU/ZYfeltMt100WTDVdu QLa1Kh1ZU4uwRAsPzcfjFFOmAB+42RXAv2YixqRcKXHLKISzAZslgjIaiEFm0qtCH8gp/H ev1JQFfnkVbeDHDVcQMFaXJT7lcgOJGLMnM7OLDMFH9ct7OuDKhuSK03GGyw7w== From: lemon To: cgit@lists.zx2c4.com Cc: lemon Subject: [PATCH] html: fix fmt() off-by-one error Date: Tue, 8 Feb 2022 12:37:45 +0100 Message-Id: <20220208113745.13748-1-lsof@mailbox.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: cgit@lists.zx2c4.com X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: List for cgit developers and users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: cgit-bounces@lists.zx2c4.com Sender: "CGit" vsnprintf returns the byte count of the formatted output not including the null terminator, so in the case that len == 1024 the last character of the output was being truncated and not detected by the later check. Changing the greater than comparison to greater than or equal fixes this edge case. --- html.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html.c b/html.c index 7f81965..0bac34b 100644 --- a/html.c +++ b/html.c @@ -59,7 +59,7 @@ char *fmt(const char *format, ...) va_start(args, format); len = vsnprintf(buf[bufidx], sizeof(buf[bufidx]), format, args); va_end(args); - if (len > sizeof(buf[bufidx])) { + if (len >= sizeof(buf[bufidx])) { fprintf(stderr, "[html.c] string truncated: %s\n", format); exit(1); } -- 2.35.1