From 128d9e23436584ea0d52c281b8fecb3b10f7953a Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <zecke@selfish.org>
Date: Fri, 15 Jul 2011 16:07:23 +0200
Subject: osmo_hexdump: Fix segfault when input is too long.

In snprinftf the size is a size_t (unsigned) in case we want
to write more than we have available, len_remain will be < 0.

This was spotted while removing hexdump from simtrace and comparing
it to our implementation.

int snprintf(char *str, size_t size, const char *format, ...);
---
 src/utils.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/utils.c')

diff --git a/src/utils.c b/src/utils.c
index 3ee14abd..e1d4c893 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -86,6 +86,8 @@ static char *_osmo_hexdump(const unsigned char *buf, int len, char *delim)
 	hexd_buff[0] = 0;
 	for (i = 0; i < len; i++) {
 		int len_remain = sizeof(hexd_buff) - (cur - hexd_buff);
+		if (len_remain <= 0)
+			break;
 		int rc = snprintf(cur, len_remain, "%02x%s", buf[i], delim);
 		if (rc <= 0)
 			break;
-- 
cgit v1.2.3