Bug 1221747 - Make JS_vsnprintf() return a value that indicates failure if we reach the buffer limit r=nbp

2024-09-13 09:24:08 -07:00 · 2015-11-23 14:10:28 +00:00 · 2015-11-23 14:10:28 +00:00 · 71d3851a33
commit 71d3851a33
parent 067f61a237
1 changed files with 13 additions and 8 deletions
--- a/js/src/jsprf.cpp
+++ b/js/src/jsprf.cpp
@ -1010,10 +1010,8 @@ JS_PUBLIC_API(uint32_t)
 JS_vsnprintf(char* out, uint32_t outlen, const char* fmt, va_list ap)
 {
    SprintfState ss;
-    uint32_t n;

-    MOZ_ASSERT(int32_t(outlen) > 0);
-    if (int32_t(outlen) <= 0)
+    if (outlen == 0)
        return 0;

    ss.stuff = LimitStuff;
@ -1022,12 +1020,19 @@ JS_vsnprintf(char* out, uint32_t outlen, const char* fmt, va_list ap)
    ss.maxlen = outlen;
    (void) dosprintf(&ss, fmt, ap);

-    /* If we added chars, and we didn't append a null, do it now. */
-    if (ss.cur != ss.base && ss.cur[-1] != '\0')
-        ss.cur[-1] = '\0';
+    uint32_t charsWritten = ss.cur - ss.base;
+    MOZ_ASSERT(charsWritten > 0);

-    n = ss.cur - ss.base;
-    return n ? n - 1 : n;
+    // If we didn't append a null then we must have hit the buffer limit. Write
+    // a null terminator now and return a value indicating that we failed.
+    if (ss.cur[-1] != '\0') {
+        ss.cur[-1] = '\0';
+        return outlen;
+    }
+
+    // Success: return the number of character written excluding the null
+    // terminator.
+    return charsWritten - 1;
 }

 JS_PUBLIC_API(char*)