diff options
author | Daniel Stenberg <daniel@haxx.se> | 2002-08-23 08:29:44 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2002-08-23 08:29:44 +0000 |
commit | af341158dbaba37e96ddf7463a04c8ed9d732e24 (patch) | |
tree | bf65233936a4e8ad71f4dde305e07223c216497c /firmware | |
parent | e6261734a025cd9053004ded80e06d2d9401d2e3 (diff) | |
download | rockbox-af341158dbaba37e96ddf7463a04c8ed9d732e24.tar.gz rockbox-af341158dbaba37e96ddf7463a04c8ed9d732e24.zip |
bad bad bad snprintf() overflow the buffer if the string passed in with a
%s didn't fit within the buffer!
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@1943 a1c6a512-1295-4272-9138-f99709370657
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/common/sprintf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/firmware/common/sprintf.c b/firmware/common/sprintf.c index 80bdda6336..c18a390b44 100644 --- a/firmware/common/sprintf.c +++ b/firmware/common/sprintf.c | |||
@@ -100,10 +100,10 @@ int vsnprintf (char *buf, int size, const char *fmt, va_list ap) | |||
100 | if (width > 0) | 100 | if (width > 0) |
101 | { | 101 | { |
102 | width -= strlen (str); | 102 | width -= strlen (str); |
103 | while (width-- > 0 && buf < end) | 103 | while (width-- > 0 && bp < end) |
104 | *bp++ = pad; | 104 | *bp++ = pad; |
105 | } | 105 | } |
106 | while (*str != '\0' && buf < end) | 106 | while (*str != '\0' && bp < end) |
107 | *bp++ = *str++; | 107 | *bp++ = *str++; |
108 | } | 108 | } |
109 | else | 109 | else |