From: Guido van Rossum Date: Sat, 1 Dec 2001 16:00:10 +0000 (+0000) Subject: When the number of bytes written to the malloc'ed buffer is larger X-Git-Tag: v2.2.1c1~626 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=64be0b4aa5094d3a1a85eba20fcc9b7fca3289a9;p=python When the number of bytes written to the malloc'ed buffer is larger than the argument string size, copy as many bytes as will fit (including a terminating '\0'), rather than not copying anything. This to make it satisfy the C99 spec. --- diff --git a/Python/mysnprintf.c b/Python/mysnprintf.c index a373f4efe6..02f929137a 100644 --- a/Python/mysnprintf.c +++ b/Python/mysnprintf.c @@ -40,11 +40,11 @@ int myvsnprintf(char *str, size_t size, const char *format, va_list va) assert(len >= 0); if ((size_t)len > size + 512) Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); - if ((size_t)len > size) { - PyMem_Free(buffer); - return len - 1; - } - memcpy(str, buffer, len); + if ((size_t)len > size) + buffer[size-1] = '\0'; + else + size = len; + memcpy(str, buffer, size); PyMem_Free(buffer); return len - 1; }