Following patch fixes calling vsnprintf with (NULL, 0) to get the
length of the string. The problem is that the end ptr is set to
0xFFFFFFFF in this case, causing a write into address 0 as start <
end.
Cheers,
Rusty.
-- Premature optmztion is rt of all evl. --DK--- working-pmac-module/lib/vsprintf.c.~1~ Mon Sep 17 08:53:56 2001 +++ working-pmac-module/lib/vsprintf.c Thu Sep 20 21:26:05 2001 @@ -246,6 +246,8 @@ /* 'z' support added 23/7/1999 S.H. */ /* 'z' changed to 'Z' --davidm 1/25/99 */ + /* buf = NULL, size = 0 is common for getting length */ + if (size == 0) buf = (void *)1; str = buf; end = buf + size - 1; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Sep 23 2001 - 21:00:37 EST