From 7c910b94cf7fdd76b76206e9afb7818286cc67a0 Mon Sep 17 00:00:00 2001
From: Nuno Lopes <nlopess@php.net>
Date: Fri, 12 Dec 2008 23:43:18 +0000
Subject: [PATCH] make *printf() functions do not read strings past their
 specified length (if any)

---
 configure.in    |  1 +
 main/spprintf.c | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/configure.in b/configure.in
index 1396d6d1b6..11273a0d0e 100644
--- a/configure.in
+++ b/configure.in
@@ -625,6 +625,7 @@ strcoll \
 strdup \
 strerror \
 strftime \
+strnlen \
 strptime \
 strstr \
 strtok_r \
diff --git a/main/spprintf.c b/main/spprintf.c
index ec44e219b8..1ce9e81e38 100644
--- a/main/spprintf.c
+++ b/main/spprintf.c
@@ -76,6 +76,7 @@
  * SIO stdio-replacement strx_* functions by Panos Tsirigotis
  * <panos@alumni.cs.colorado.edu> for xinetd.
  */
+#define _GNU_SOURCE
 #include "php.h"
 
 #include <stddef.h>
@@ -180,6 +181,14 @@
 
 /* }}} */
 
+
+#if !HAVE_STRNLEN
+static size_t strnlen(const char *s, size_t maxlen) {
+	char *r = memchr(s, '\0', maxlen);
+	return r ? r-s : maxlen;
+}
+#endif
+
 /*
  * Do format conversion placing the output in buffer
  */
@@ -561,9 +570,11 @@ static void xbuf_format_converter(smart_str *xbuf, const char *fmt, va_list ap)
 				case 'v':
 					s = va_arg(ap, char *);
 					if (s != NULL) {
-						s_len = strlen(s);
-						if (adjust_precision && precision < s_len)
-							s_len = precision;
+						if (!adjust_precision) {
+							s_len = strlen(s);
+						} else {
+							s_len = strnlen(s, precision);
+						}
 					} else {
 						s = S_NULL;
 						s_len = S_NULL_LEN;
-- 
2.50.1