From 31d11b97deec83cdb064c36d9b46353a4092e1b4 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 22 Jun 2017 04:10:29 +0300 Subject: [PATCH 1/1] log: pass the correct length to vsnprintf (#6168) This prevents log_object_internalv from corrupting the stack. Closes #6147. Many thanks to Walter Doekes for the code review. --- src/basic/log.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/basic/log.c b/src/basic/log.c index a2285b4f5..887731390 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -732,7 +732,6 @@ int log_object_internalv( PROTECT_ERRNO; char *buffer, *b; - size_t l; if (error < 0) error = -error; @@ -749,16 +748,12 @@ int log_object_internalv( size_t n; n = strlen(object); - l = n + 2 + LINE_MAX; - - buffer = newa(char, l); + buffer = newa(char, n + 2 + LINE_MAX); b = stpcpy(stpcpy(buffer, object), ": "); - } else { - l = LINE_MAX; - b = buffer = newa(char, l); - } + } else + b = buffer = newa(char, LINE_MAX); - vsnprintf(b, l, format, ap); + vsnprintf(b, LINE_MAX, format, ap); return log_dispatch_internal(level, error, file, line, func, object_field, object, extra_field, extra, buffer); -- 2.30.2