diff options
author | Stanislav Malyshev <stas@php.net> | 2000-09-08 12:32:29 +0000 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2000-09-08 12:32:29 +0000 |
commit | 6426d1c9ce06969fd18e81949e18ee76fa27da1c (patch) | |
tree | 5e4483b2b3e9b26e4ce0ec48fbd493ebbe7adc74 | |
parent | 24b2feff633ef653781cc0e8231e1be3fe917c8b (diff) | |
download | php-git-6426d1c9ce06969fd18e81949e18ee76fa27da1c.tar.gz |
Fix crash on very long error messages
Manual for snprintf says:
If the output was truncated, the return value is -1, oth-
erwise it is the number of characters stored, not includ-
ing the terminating null.
And that's a blatant lie - in reality, libc 2.1 always returns number of
characters that _would be_ stored. I hate those libc bugs. Now we should go
and check every place we trusted snprintf return value.
-rw-r--r-- | main/main.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/main/main.c b/main/main.c index 50dffa369b..43dd9e6886 100644 --- a/main/main.c +++ b/main/main.c @@ -334,6 +334,9 @@ static void php_error_cb(int type, const char *error_filename, const uint error_ buffer_len = vsnprintf(buffer, sizeof(buffer)-1, format, args); buffer[sizeof(buffer)-1]=0; + if(buffer_len > sizeof(buffer) - 1 || buffer_len < 0) { + buffer_len = sizeof(buffer) - 1; + } /* display/log the error if necessary */ if ((EG(error_reporting) & type || (type & E_CORE)) |