Bug 11229 - off-by-one in snprintf() check
off-by-one in snprintf() check
Status: RESOLVED FIXED
Product: rsync
Classification: Unclassified
Component: core
3.1.1
All All
: P5 normal
: ---
Assigned To: Wayne Davison
Rsync QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-04-21 11:53 UTC by Stefan Behrens
Modified: 2015-04-22 17:33 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behrens 2015-04-21 11:53:03 UTC
From 55639a2dbc7b2fd5bca9f7068ae0153627e8a7fa Mon Sep 17 00:00:00 2001
From: Stefan Behrens <sbehrens@giantdisaster.de>
Date: Tue, 21 Apr 2015 13:50:38 +0200
Subject: [PATCH] rsync: fix of-by-one in check of snprintf() result

Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
---
 io.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/io.c b/io.c
index b9a9bd082737..03e13d846fa0 100644
--- a/io.c
+++ b/io.c
@@ -2283,7 +2283,7 @@ void io_printf(int fd, const char *format, ...)
        if (len < 0)
                exit_cleanup(RERR_PROTOCOL);

-       if (len > (int)sizeof buf) {
+       if (len >= (int)sizeof buf) {
                rprintf(FERROR, "io_printf() was too long for the buffer.\n");
                exit_cleanup(RERR_PROTOCOL);
        }
--
1.7.7
Comment 1 Wayne Davison 2015-04-22 17:33:15 UTC
Thanks for pointing that out, and for the patch.  I've applied it.

Note that it works better to attach the patch to the ticket instead of paste it, as that preserves the tabs, making it easier to apply the patch.