From 44faa52d3cdb68abe3018acd8973e21356bc7461 Mon Sep 17 00:00:00 2001
From: Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
Date: Thu, 2 Jun 2016 14:54:05 -0700
Subject: [PATCH] lib: replace: snprintf - Fix length calculation for hex/octal
 64-bit values.

Prevents truncation due to buffer size being too small.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11947

Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun  3 03:48:58 CEST 2016 on sn-devel-144

(cherry picked from commit 8814b2556583e1f8965e8bf5a93438d46e8d43e6)
---
 lib/replace/snprintf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c
index 86ba74c..63eb036 100644
--- a/lib/replace/snprintf.c
+++ b/lib/replace/snprintf.c
@@ -804,7 +804,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 {
 	int signvalue = 0;
 	unsigned LLONG uvalue;
-	char convert[20];
+	char convert[22+1]; /* 64-bit value in octal: 22 digits + \0 */
 	int place = 0;
 	int spadlen = 0; /* amount to space pad */
 	int zpadlen = 0; /* amount to zero pad */
@@ -834,8 +834,8 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 			(caps? "0123456789ABCDEF":"0123456789abcdef")
 			[uvalue % (unsigned)base  ];
 		uvalue = (uvalue / (unsigned)base );
-	} while(uvalue && (place < 20));
-	if (place == 20) place--;
+	} while(uvalue && (place < sizeof(convert)));
+	if (place == sizeof(convert)) place--;
 	convert[place] = 0;
 
 	zpadlen = max - place;
-- 
2.8.0.rc3.226.g39d4020