Fix crash on very long error messages

Manual for snprintf says:
       If  the output was truncated, the return value is -1, oth-
       erwise it is the number of characters stored, not  includ-
       ing the terminating null.
And that's a blatant lie - in reality, libc 2.1 always returns number of
characters that _would be_ stored. I hate those libc bugs. Now we should go
and check every place we trusted snprintf return value.

diff --git a/main/main.c b/main/main.c
index 50dffa369b9d4837cc6c0b3e4b9ef46e6e28d0c5..43dd9e6886f5976f941fa254f90424b1cc1f827b 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -334,6 +334,9 @@ static void php_error_cb(int type, const char *error_filename, const uint error_
 
        buffer_len = vsnprintf(buffer, sizeof(buffer)-1, format, args);
        buffer[sizeof(buffer)-1]=0;
+       if(buffer_len > sizeof(buffer) - 1 || buffer_len < 0) {
+               buffer_len = sizeof(buffer) - 1;
+       }
 
        /* display/log the error if necessary */
        if ((EG(error_reporting) & type || (type & E_CORE))