From 9caf95c0bd2df7a622b3839a13d5db102282e717 Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH] 0052-ps/output.c: Handle negative snprintf() return value. May happen if strlen(src) > INT_MAX for example. This patch prevents escaped_copy() from increasing maxroom and returning -1 (= number of bytes consumed in dst). ---------------------------- adapted for newlib branch . formerly applied to proc/escape.c . function was moved to ps/output.c Signed-off-by: Jim Warner --- ps/output.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ps/output.c b/ps/output.c index a75e234c..503dba64 100644 --- a/ps/output.c +++ b/ps/output.c @@ -126,6 +126,10 @@ static int escaped_copy(char *restrict dst, const char *restrict src, int bufsiz if (bufsize > *maxroom+1) bufsize = *maxroom+1; n = snprintf(dst, bufsize, "%s", src); + if (n < 0) { + *dst = '\0'; + return 0; + } if (n >= bufsize) n = bufsize-1; *maxroom -= n; -- 2.40.0