From 65567b59e54e364754650610ee33963eb84230d1 Mon Sep 17 00:00:00 2001 From: Igor Ryzhov Date: Mon, 4 Mar 2024 20:41:41 +0200 Subject: [PATCH] lib: fix infinite loop in __darr_in_vsprintf vsnprintf returns the number of bytes to write *not including* the terminating NULL byte. When increasing the capacity of the array, we should add one more byte, otherwise, if the error length is exactly a power of 2, the capacity is not increased enough and vsnprintf always fails. Signed-off-by: Igor Ryzhov
---
 lib/darr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/darr.c b/lib/darr.c
index 4f3bd9fb67ab..7dcc6d3fabff 100644
--- a/lib/darr.c
+++ b/lib/darr.c
@@ -77,7 +77,7 @@ char *__darr_in_vsprintf(char **sp, bool concat, const char *fmt, va_list ap)
 else if ((size_t)len < darr_avail(*sp))
 _darr_len(*sp) += len;
 else {
- darr_ensure_cap(*sp, darr_len(*sp) + (size_t)len);
+ darr_ensure_cap(*sp, darr_len(*sp) + (size_t)len + 1);
 goto again;
 }
 return *sp;
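Review bot: The retry in the `else` branch is still an unbounded `goto again`, so termination depends on the size requested from `darr_ensure_cap()` agreeing exactly with the `(size_t)len < darr_avail(*sp)` test, the same coupling whose off-by-one caused the hang this commit fixes. For the same format and arguments the formatted length should not change between passes, so one retry ought to suffice; I would make that explicit with `assert((size_t)len < darr_avail(*sp));` between the `darr_ensure_cap(...)` call and `goto again;`, so that a future mismatch fails loudly instead of spinning, which matters if the formatted text can be influenced by external input. A short comment on the new line, e.g. `/* +1: vsnprintf() return value excludes the terminating NUL */`, would keep the reason visible in the code. The function body starts above the hunk, so how `darr_avail()` accounts for the terminator is taken from the commit message rather than seen here.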