Package: manpages-dev
Version: 3.74-1
The example in the printf(3) manpages looks like this (with boring parts
omitted):
int n;
/* ... */
n = vsnprintf(p, size, fmt, ap);
/* ... */
if (n < 0) {
/* ... */
return NULL;
}
/* ... */
size = n + 1;
But vsnprintf could return INT_MAX, which would then cause "n + 1" to
overflow.
(AFAICS, the glibc vsnprintf implementation never returns INT_MAX, but
it could in principle.)
I'd suggest changing "n < 0" to "n < 0 || n == INT_MAX".
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
