Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-02-06 21:47:44 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix CID 1368158 (#7731)

Browse Source 
by keeping the ap argument read-only and use a copy instead, so both copies can be safely ended before returning
This commit is contained in:
Francesco Tamagni 2017-06-13 13:45:16 +02:00 committed by radare
parent f62df0d745
commit 4eab2a8553
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libr/cons/cons.c
View File

@ -779,22 +779,24 @@ R_API void r_cons_visual_write (char *buffer) {
R_API void r_cons_printf_list(const char *format, va_list ap) {
size_t size, written;
va_list ap2;
va_list ap2, ap3;
va_copy (ap2, ap);
va_copy (ap3, ap);
if (I.null || !format) {
va_end (ap2);
va_end (ap3);
return;
}
if (strchr (format, '%')) {
palloc (MOAR + strlen (format) * 20);
club:
size = I.buffer_sz - I.buffer_len - 1; /* remaining space in I.buffer */
written = vsnprintf (I.buffer + I.buffer_len, size, format, ap);
written = vsnprintf (I.buffer + I.buffer_len, size, format, ap3);
if (written >= size) { /* not all bytes were written */
palloc (written);
va_end (ap);
va_copy (ap, ap2);
va_end (ap3);
va_copy (ap3, ap2);
goto club;
}
I.buffer_len += written;
@ -803,6 +805,7 @@ club:
r_cons_strcat (format);
}
va_end (ap2);
va_end (ap3);
}
R_API void r_cons_printf(const char *format, ...) {