---
 lib/util/stringutils.c | 11 +++++++++--
 lib/util/stringutils.h | 10 ++++++----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/lib/util/stringutils.c b/lib/util/stringutils.c
index f9b29f1..514d2a0 100644
--- a/lib/util/stringutils.c
+++ b/lib/util/stringutils.c
@@ -304,6 +304,9 @@ char *scrub_for_print(
     char const *other_chars_to_escape)
 {
     size_t i;
+    size_t len_out = 0;
+    // 'used' equals 'len_out' until the output becomes truncated, at
+    // which point it is set to 'dst_sz'
     size_t used = 0;
 
     dst[0] = '\0';
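Review bot: The header change in this patch documents that `dst_sz` must not be 0, but `dst[0] = '\0';` is still the first statement after the declarations, and nothing visible in this hunk guards it. A caller that passes an empty buffer therefore gets a one-byte write past its end. Now that the contract is explicit, it is worth enforcing at the top of the function, for example `if (dst_sz == 0) { return dst; }`, or an assertion if that is the project's convention. The rest of the function body lies outside this hunk.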
@@ -326,11 +329,15 @@ char *scrub_for_print(
             fmt = "\\%c";
         }
 
-        used += snprintf(&dst[used], dst_sz - used, fmt, src[i]);
+        int ret = snprintf(&dst[used], dst_sz - used, fmt, src[i]);
+        len_out += ret;
+        used += ((size_t)ret > (dst_sz - used)) ? (dst_sz - used) : 
(size_t)ret;
     }
 
     if (dst_len_out)
-        *dst_len_out = used;
+    {
+        *dst_len_out = len_out;
+    }
 
     return dst;
 }
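Review bot: `snprintf` can return a negative value, and `len_out += ret;` then adds it to a `size_t`, so the running total wraps instead of signalling an error. Callers are now told to compare `*dst_len_out` with `dst_sz` to detect truncation, so a wrapped total could report a length below `dst_sz` for output that was in fact cut short. Testing the result before it is used keeps the reported length trustworthy; one option consistent with the documented contract is `if (ret < 0) { len_out = dst_sz; break; }` ahead of `len_out += ret;`. The loop header and the start of `scrub_for_print` are outside this hunk.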
diff --git a/lib/util/stringutils.h b/lib/util/stringutils.h
index 5dbf4ff..154b54f 100644
--- a/lib/util/stringutils.h
+++ b/lib/util/stringutils.h
@@ -141,6 +141,7 @@ int expand_by_doubling(
  * @brief Replace questionable chars from string for printing.
  *
  * @note Caller handles memory for dst.
+ * @note Output might be truncated, compared to input.
  * @note dst will be null terminated, at or before index dst_sz-1.
  *
  * @param[out] dst
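Review bot: The new truncation note does not say that the cut can fall inside an escape sequence. With the two-character `"\\%c"` form used in stringutils.c, for example, having room for only one more character before the terminator leaves a lone backslash at the end of `dst`. Callers that embed the result in a log line or a quoted field would want to know this, so I would extend the note to something like `@note Truncation may split an escape sequence; check dst_len_out before relying on the escaping of the final characters.` The doc comment starts and ends outside this hunk.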
@@ -149,12 +150,13 @@ int expand_by_doubling(
  * @param[in] src
  *     The input string to escape.  This must not be NULL.
  * @param[in] dst_sz
- *     Size of the buffer at @p dst.  The buffer must be big enough to
- *     hold the entire escaped string, including the nul terminator.
+ *     Size of the buffer at @p dst.  This must not be 0.
  * @param[out] dst_len_out
  *     On return, the value at this location will be set to the length
- *     of the escaped string (excluding the nul terminator).  This
- *     parameter may be NULL.
+ *     of the escaped string (excluding the nul terminator), had @p
+ *     dst_sz been big enough.  If this value is greater than or equal
+ *     to @p dst_sz, then the output was truncated.  This parameter
+ *     may be NULL.
  * @param[in] other_chars_to_escape
  *     nul-terminated array of additional characters to escape with a
  *     backslash.  This may be NULL.
-- 
2.4.3

