From 72a6a8cb5c7172f39f7677c27ce781d7816723a3 Mon Sep 17 00:00:00 2001
From: Jakub Zawadzki <darkjames@darkjames.pl>
Date: Sat, 17 May 2014 13:06:01 +0200
Subject: Fixes after wmem_strdup_vprintf() optimization

- g_vsnprintf()[1] buffer size can includes space for terminating NUL,
  this simplifies code, and fix problems with string truncation

- g_vsnprintf() returns number of bytes without terminating NUL, so we
  need to do + 1

- second g_vsnprintf() call use already consumed 'ap2' va_arg, which
  makes wmem_strdup_vprintf() doesn't work/ crash for FORMATTED string length > 80

[1] https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-vsnprintf

Change-Id: I0ebb7f452e3e89c9b55f8ac889166f02e8a7c982
Reviewed-on: https://code.wireshark.org/review/1667
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 epan/wmem/wmem_strutl.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'epan/wmem')

diff --git a/epan/wmem/wmem_strutl.c b/epan/wmem/wmem_strutl.c
index 62df200e3d..38c3d0b34c 100644
--- a/epan/wmem/wmem_strutl.c
+++ b/epan/wmem/wmem_strutl.c
@@ -91,21 +91,21 @@ gchar *
 wmem_strdup_vprintf(wmem_allocator_t *allocator, const gchar *fmt, va_list ap)
 {
     va_list ap2;
-    gchar* dst;
+    gchar *dst;
     int needed_len;
 
     G_VA_COPY(ap2, ap);
 
-    /*len = g_printf_string_upper_bound(fmt, ap);*/
+    /* needed_len = g_printf_string_upper_bound(fmt, ap2); */
 
     dst = (gchar *)wmem_alloc(allocator, WMEM_STRDUP_VPRINTF_DEFAULT_BUFFER);
 
-    /* Returns: the number of characters which would be produced if the buffer was large enough. */
-    needed_len = g_vsnprintf(dst, (gulong) WMEM_STRDUP_VPRINTF_DEFAULT_BUFFER-1, fmt, ap2);
-    if(needed_len > WMEM_STRDUP_VPRINTF_DEFAULT_BUFFER){
+    /* Returns: the number of characters which would be produced if the buffer was large enough (without NUL) */
+    needed_len = g_vsnprintf(dst, (gulong) WMEM_STRDUP_VPRINTF_DEFAULT_BUFFER, fmt, ap2) + 1;
+    if (needed_len > WMEM_STRDUP_VPRINTF_DEFAULT_BUFFER) {
         wmem_free(allocator, dst);
-        dst = (gchar *)wmem_alloc(allocator, needed_len+1);
-        g_vsnprintf(dst, (gulong) needed_len, fmt, ap2);
+        dst = (gchar *)wmem_alloc(allocator, needed_len);
+        g_vsnprintf(dst, (gulong) needed_len, fmt, ap);
     }
 
     va_end(ap2);
-- 
cgit v1.2.1