From 53f528335c81f7b6fde99fc4fad5f19e0ebea8dc Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sun, 15 Jan 2017 14:35:06 +0100 Subject: [PATCH] The internal vsnprintf_r function looped or crashed on size parameter with hexadecimal output --- CHANGES | 3 +++ vsnprintf_r.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 5aee804..982cad0 100644 --- a/CHANGES +++ b/CHANGES @@ -54,6 +54,9 @@ corrections: indentation. Thanks to Paul Wouters for reporting. + The internal vsnprintf_r function looped or crashed on size parameter + with hexadecimal output. + porting: Type conflict between int and sig_atomic_t between declaration and definition of diag_immediate_type and diag_immediate_exit broke diff --git a/vsnprintf_r.c b/vsnprintf_r.c index 03db71b..eaa610f 100644 --- a/vsnprintf_r.c +++ b/vsnprintf_r.c @@ -296,7 +296,7 @@ static char *diag_longlong_to_dec(char *field, size_t n, long long ll, int leadi */ static char *diag_ulonglong_to_hex(char *field, size_t n, unsigned long long ull, int leading0, size_t size) { char *np = field+n; /* point to the end */ - unsigned int i; + ptrdiff_t i; char c; if (n == 0) return NULL; @@ -313,7 +313,7 @@ static char *diag_ulonglong_to_hex(char *field, size_t n, unsigned long long ull c = ' '; } i = size - strlen(np); - while (--i >= 0) { + while (i-- > 0) { *--np = c; } }