From: Guido van Rossum <guido@python.org>
Date: Sat, 1 Dec 2001 16:00:10 +0000 (+0000)
Subject: When the number of bytes written to the malloc'ed buffer is larger
X-Git-Tag: v2.2.1c1~626
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=64be0b4aa5094d3a1a85eba20fcc9b7fca3289a9;p=python

When the number of bytes written to the malloc'ed buffer is larger
than the argument string size, copy as many bytes as will fit
(including a terminating '\0'), rather than not copying anything.
This to make it satisfy the C99 spec.
---

diff --git a/Python/mysnprintf.c b/Python/mysnprintf.c
index a373f4efe6..02f929137a 100644
--- a/Python/mysnprintf.c
+++ b/Python/mysnprintf.c
@@ -40,11 +40,11 @@ int myvsnprintf(char *str, size_t size, const char  *format, va_list va)
     assert(len >= 0);
     if ((size_t)len > size + 512)
 	Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf");
-    if ((size_t)len > size) {
-	PyMem_Free(buffer);
-	return len - 1;
-    }
-    memcpy(str, buffer, len);
+    if ((size_t)len > size)
+	buffer[size-1] = '\0';
+    else
+	size = len;
+    memcpy(str, buffer, size);
     PyMem_Free(buffer);
     return len - 1;
 }