Fortify vsnprintf in more cases. Bug: http://b/30445072 Change-Id: I1893890f0e3b56533eef053eda1bd96a0b9a5119

commit: fb3873d4db3012ac2d1ba87d688138798787c6e0 [log] [tgz]
author: Elliott Hughes <enh@google.com> Wed Aug 10 11:07:54 2016 -0700
committer: Elliott Hughes <enh@google.com> Wed Aug 10 11:50:12 2016 -0700
tree: 1e392110ebe5ca3b0f3f466e493c1085b403b864
parent: f5042cab109f7136191fd316be1471532d2ddf71 [diff] [blame]
diff --git a/libc/bionic/fortify.cpp b/libc/bionic/fortify.cpp
index 11abeb1..92db5d9 100644
--- a/libc/bionic/fortify.cpp
+++ b/libc/bionic/fortify.cpp

@@ -424,7 +424,12 @@
 // Runtime implementation of __builtin____vsprintf_chk (used directly by compiler, not in headers).
 extern "C" int __vsprintf_chk(char* dst, int /*flags*/,
                               size_t dst_len_from_compiler, const char* format, va_list va) {
-  int result = vsnprintf(dst, dst_len_from_compiler, format, va);
+  // The compiler uses SIZE_MAX to mean "no idea", but our vsnprintf rejects sizes that large.
+  int result = vsnprintf(dst,
+                         dst_len_from_compiler == SIZE_MAX ? SSIZE_MAX : dst_len_from_compiler,
+                         format, va);
+
+  // Try to catch failures after the fact...
   __check_buffer_access("vsprintf", "write into", result + 1, dst_len_from_compiler);
   return result;
 }
commit	fb3873d4db3012ac2d1ba87d688138798787c6e0	[log] [tgz]
author	Elliott Hughes <enh@google.com>	Wed Aug 10 11:07:54 2016 -0700
committer	Elliott Hughes <enh@google.com>	Wed Aug 10 11:50:12 2016 -0700
tree	1e392110ebe5ca3b0f3f466e493c1085b403b864
parent	f5042cab109f7136191fd316be1471532d2ddf71 [diff] [blame]