buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
# include <config.h>
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include "internal.h"
# include "testutils.h"
2012-12-04 16:04:07 +04:00
# include "virbuffer.h"
2012-12-12 22:06:53 +04:00
# include "viralloc.h"
2013-04-03 14:36:23 +04:00
# include "virstring.h"
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
2013-06-07 19:10:28 +04:00
# define VIR_FROM_THIS VIR_FROM_NONE
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
# define TEST_ERROR(...) \
do { \
if ( virTestGetDebug ( ) ) \
fprintf ( stderr , __VA_ARGS__ ) ; \
} while ( 0 )
struct testInfo {
int doEscape ;
} ;
2011-10-21 01:48:47 +04:00
static int testBufInfiniteLoop ( const void * data )
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
{
virBuffer bufinit = VIR_BUFFER_INITIALIZER ;
virBufferPtr buf = & bufinit ;
char * addstr = NULL , * bufret = NULL ;
int ret = - 1 ;
const struct testInfo * info = data ;
virBufferAddChar ( buf , ' a ' ) ;
/*
2011-10-21 01:48:47 +04:00
* Infinite loop used to trigger if :
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
* ( strlen + 1 > 1000 ) & & ( strlen = = buf - size - buf - use - 1 )
2011-10-21 01:48:47 +04:00
* which was the case after the above addchar at the time of the bug .
* This test is a bit fragile , since it relies on virBuffer internals .
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
*/
if ( virAsprintf ( & addstr , " %*s " , buf - > a - buf - > b - 1 , " a " ) < 0 ) {
goto out ;
}
if ( info - > doEscape )
virBufferEscapeString ( buf , " %s " , addstr ) ;
else
2011-04-30 20:34:49 +04:00
virBufferAsprintf ( buf , " %s " , addstr ) ;
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
ret = 0 ;
2014-03-25 10:53:44 +04:00
out :
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
bufret = virBufferContentAndReset ( buf ) ;
if ( ! bufret ) {
TEST_ERROR ( " Buffer had error set " ) ;
ret = - 1 ;
}
VIR_FREE ( addstr ) ;
VIR_FREE ( bufret ) ;
return ret ;
}
2011-10-21 01:48:47 +04:00
static int testBufAutoIndent ( const void * data ATTRIBUTE_UNUSED )
{
virBuffer bufinit = VIR_BUFFER_INITIALIZER ;
virBufferPtr buf = & bufinit ;
const char expected [ ] =
" 1 \n 2 \n 3 \n 4 \n 5 \n 6 \n 7 \n & \n 8 \n 9 \n 10 \n ' 11' \n " ;
char * result = NULL ;
int ret = 0 ;
if ( virBufferGetIndent ( buf , false ) ! = 0 | |
virBufferGetIndent ( buf , true ) ! = 0 ) {
TEST_ERROR ( " Wrong indentation " ) ;
ret = - 1 ;
}
virBufferAdjustIndent ( buf , 3 ) ;
2012-06-08 23:50:23 +04:00
if ( STRNEQ ( virBufferCurrentContent ( buf ) , " " ) ) {
TEST_ERROR ( " Wrong content " ) ;
ret = - 1 ;
}
2011-10-21 01:48:47 +04:00
if ( virBufferGetIndent ( buf , false ) ! = 3 | |
virBufferGetIndent ( buf , true ) ! = 3 | |
virBufferError ( buf ) ) {
TEST_ERROR ( " Wrong indentation " ) ;
ret = - 1 ;
}
virBufferAdjustIndent ( buf , - 2 ) ;
if ( virBufferGetIndent ( buf , false ) ! = 1 | |
virBufferGetIndent ( buf , true ) ! = 1 | |
virBufferError ( buf ) ) {
TEST_ERROR ( " Wrong indentation " ) ;
ret = - 1 ;
}
virBufferAdjustIndent ( buf , - 3 ) ;
if ( virBufferGetIndent ( buf , false ) ! = - 1 | |
virBufferGetIndent ( buf , true ) ! = - 1 | |
virBufferError ( buf ) ! = - 1 ) {
TEST_ERROR ( " Usage error not flagged " ) ;
ret = - 1 ;
}
virBufferFreeAndReset ( buf ) ;
if ( virBufferGetIndent ( buf , false ) ! = 0 | |
virBufferGetIndent ( buf , true ) ! = 0 | |
virBufferError ( buf ) ) {
TEST_ERROR ( " Reset didn't clear indentation " ) ;
ret = - 1 ;
}
virBufferAdjustIndent ( buf , 2 ) ;
virBufferAddLit ( buf , " 1 " ) ;
2013-09-25 18:31:18 +04:00
if ( virBufferError ( buf ) ) {
TEST_ERROR ( " Buffer had error " ) ;
return - 1 ;
}
2012-06-08 23:50:23 +04:00
if ( STRNEQ ( virBufferCurrentContent ( buf ) , " 1 " ) ) {
TEST_ERROR ( " Wrong content " ) ;
ret = - 1 ;
}
2011-10-21 01:48:47 +04:00
if ( virBufferGetIndent ( buf , false ) ! = 2 | |
virBufferGetIndent ( buf , true ) ! = 0 ) {
TEST_ERROR ( " Wrong indentation " ) ;
ret = - 1 ;
}
virBufferAddLit ( buf , " \n " ) ;
virBufferAdd ( buf , " " " 2 \n " , - 1 ) ; /* Extra "" appeases syntax-check */
virBufferAddChar ( buf , ' 3 ' ) ;
virBufferAddChar ( buf , ' \n ' ) ;
virBufferAsprintf ( buf , " %d " , 4 ) ;
virBufferAsprintf ( buf , " %c " , ' \n ' ) ;
virBufferStrcat ( buf , " 5 " , " \n " , " 6 \n " , NULL ) ;
virBufferEscapeString ( buf , " %s \n " , " 7 " ) ;
virBufferEscapeString ( buf , " %s \n " , " & " ) ;
virBufferEscapeSexpr ( buf , " %s " , " 8 \n " ) ;
virBufferURIEncodeString ( buf , " 9 " ) ;
virBufferAddChar ( buf , ' \n ' ) ;
virBufferEscapeShell ( buf , " 10 " ) ;
virBufferAddChar ( buf , ' \n ' ) ;
virBufferEscapeShell ( buf , " 11 " ) ;
virBufferAddChar ( buf , ' \n ' ) ;
2013-09-25 18:31:18 +04:00
if ( virBufferError ( buf ) ) {
TEST_ERROR ( " Buffer had error " ) ;
return - 1 ;
}
2011-10-21 01:48:47 +04:00
result = virBufferContentAndReset ( buf ) ;
if ( ! result | | STRNEQ ( result , expected ) ) {
virtTestDifference ( stderr , expected , result ) ;
ret = - 1 ;
}
VIR_FREE ( result ) ;
return ret ;
}
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
static int testBufTrim ( const void * data ATTRIBUTE_UNUSED )
{
virBuffer bufinit = VIR_BUFFER_INITIALIZER ;
virBufferPtr buf = NULL ;
char * result = NULL ;
const char * expected = " a,b " ;
int ret = - 1 ;
2013-06-18 19:52:00 +04:00
virBufferTrim ( buf , " " , 0 ) ;
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
buf = & bufinit ;
virBufferAddLit ( buf , " a; " ) ;
2013-06-18 19:52:00 +04:00
virBufferTrim ( buf , " " , 0 ) ;
virBufferTrim ( buf , " " , - 1 ) ;
virBufferTrim ( buf , NULL , 1 ) ;
virBufferTrim ( buf , NULL , 5 ) ;
virBufferTrim ( buf , " a " , 2 ) ;
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
virBufferAddLit ( buf , " ,b,, " ) ;
2013-06-18 19:52:00 +04:00
virBufferTrim ( buf , " b " , - 1 ) ;
virBufferTrim ( buf , " b,, " , 1 ) ;
virBufferTrim ( buf , " , " , - 1 ) ;
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
2013-09-25 18:31:18 +04:00
if ( virBufferError ( buf ) ) {
TEST_ERROR ( " Buffer had error " ) ;
return - 1 ;
}
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
result = virBufferContentAndReset ( buf ) ;
if ( ! result | | STRNEQ ( result , expected ) ) {
virtTestDifference ( stderr , expected , result ) ;
goto cleanup ;
}
2013-06-18 19:52:00 +04:00
virBufferTrim ( buf , NULL , - 1 ) ;
if ( virBufferError ( buf ) ! = - 1 ) {
TEST_ERROR ( " Usage error not flagged " ) ;
goto cleanup ;
}
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
ret = 0 ;
2014-03-25 10:53:44 +04:00
cleanup :
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
virBufferFreeAndReset ( buf ) ;
VIR_FREE ( result ) ;
return ret ;
}
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
static int
2011-04-29 20:21:20 +04:00
mymain ( void )
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
{
int ret = 0 ;
2010-09-13 15:33:31 +04:00
# define DO_TEST(msg, cb, data) \
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
do { \
struct testInfo info = { data } ; \
2013-09-20 22:13:35 +04:00
if ( virtTestRun ( " Buf: " msg , cb , & info ) < 0 ) \
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
ret = - 1 ; \
} while ( 0 )
DO_TEST ( " EscapeString infinite loop " , testBufInfiniteLoop , 1 ) ;
DO_TEST ( " VSprintf infinite loop " , testBufInfiniteLoop , 0 ) ;
2011-10-21 01:48:47 +04:00
DO_TEST ( " Auto-indentation " , testBufAutoIndent , 0 ) ;
virBuffer: add way to trim back extra text
I'm tired of writing:
bool sep = false;
while (...) {
if (sep)
virBufferAddChar(buf, ',');
sep = true;
virBufferAdd(buf, str);
}
This makes it easier, allowing one to write:
while (...)
virBufferAsprintf(buf, "%s,", str);
virBufferTrim(buf, ",", -1);
to trim any remaining comma.
* src/util/buf.h (virBufferTrim): Declare.
* src/util/buf.c (virBufferTrim): New function.
* tests/virbuftest.c (testBufTrim): Test it.
2012-05-19 02:36:59 +04:00
DO_TEST ( " Trim " , testBufTrim , 0 ) ;
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
2014-03-17 13:38:38 +04:00
return ret = = 0 ? EXIT_SUCCESS : EXIT_FAILURE ;
buf: Fix possible infinite loop in EscapeString, VSnprintf
The current code will go into an infinite loop if the printf generated
string is >= 1000, AND exactly 1 character smaller than the amount of free
space in the buffer. When this happens, we are dropped into the loop body,
but nothing will actually change, because count == (buf->size - buf->use - 1),
and virBufferGrow returns unchanged if count < (buf->size - buf->use)
Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
the NULL byte for us anyways, so we shouldn't need to manually accommodate
for it.
Here's a bug where we are actually hitting this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=602772
v2: Eric's improvements: while -> if (), remove extra va_list variable,
make sure we report buffer error if snprintf fails
v3: Add tests/virbuftest which reproduces the infinite loop before this
patch, works correctly after
2010-09-01 21:51:35 +04:00
}
VIRT_TEST_MAIN ( mymain )