Avoid crash in virBufferEscapeString

* src/util/buf.c: if virBufferEscapeString was called on a buffer that had 0 bytes of space, a size of -1 will be passed to snprintf, resulting in a segmentation fault, this preallocate some space.

Avoid crash in virBufferEscapeString
* src/util/buf.c: if virBufferEscapeString was called on a buffer that had 0 bytes of space, a size of -1 will be passed to snprintf, resulting in a segmentation fault, this preallocate some space.
04e06862 · Laine Stump · Daniel Veillard · e3915958 · 04e06862
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

src/util/buf.c src/util/buf.c +6 -0

未找到文件。
--- a/src/util/buf.c
+++ b/src/util/buf.c
@@ -318,6 +318,12 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
    }
    *out = 0;

+    if ((buf->use >= buf->size) &&
+        virBufferGrow(buf, 100) < 0) {
+        VIR_FREE(escaped);
+        return;
+    }
+
    size = buf->size - buf->use - 1;
    while (((count = snprintf(&buf->content[buf->use], size, format,
                              (char *)escaped)) < 0) || (count >= size - 1)) {