From a3dbdc3e072ca70da686f9414e4e3efeee8d4b24 Mon Sep 17 00:00:00 2001
From: Marko Lindqvist
Date: Thu, 29 Sep 2022 23:59:17 +0300
Subject: [PATCH 31/31] Improve fc_vsnprintf() boundary checks

See osdn #45719

Signed-off-by: Marko Lindqvist
---
 utility/support.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/utility/support.c b/utility/support.c
index 34342e742c..cc10eca9d5 100644
--- a/utility/support.c
+++ b/utility/support.c
@@ -901,6 +901,12 @@ int fc_vsnprintf(char *str, size_t n, const char *format, va_list ap)
 static char *buf;
 size_t len;
+ if (n > VSNP_BUF_SIZE) {
+ fprintf(stderr, "fc_vsnprintf() call with length %u."
+ "Maximum supported is %d", (unsigned)n, VSNP_BUF_SIZE);
+ exit(EXIT_FAILURE);
+ }
+
 if (!buf) {
 buf = malloc(VSNP_BUF_SIZE);
@@ -910,12 +916,15 @@ int fc_vsnprintf(char *str, size_t n, const char *format, va_list ap)
 exit(EXIT_FAILURE);
 }
 }
+
+ buf[VSNP_BUF_SIZE - 1] = '\0';
+
 #ifdef HAVE_VSNPRINTF
 vsnprintf(buf, n, format, ap);
 #else
 vsprintf(buf, format, ap);
 #endif /* HAVE_VSNPRINTF */
- buf[VSNP_BUF_SIZE - 1] = '\0';
+
 len = strlen(buf);
 if (len >= VSNP_BUF_SIZE - 1) {
-- 
2.35.1
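Review bot: The diagnostic inside the new `n > VSNP_BUF_SIZE` guard can report the wrong length and prints a run-together message. `(unsigned)n` truncates a `size_t` wherever it is wider than `unsigned`, which is the oversized case this guard exists to report, and the two adjacent literals concatenate to `%u.Maximum` with no trailing newline. I would write `fprintf(stderr, "fc_vsnprintf() call with length %lu. "` followed by `"Maximum supported is %d\n", (unsigned long)n, VSNP_BUF_SIZE);`, or use `%zu` if every supported toolchain accepts it. The guard bounds `n` only from above; whether `n == 0` is handled elsewhere cannot be seen, because the body of fc_vsnprintf starts and ends outside the hunk.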
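Review bot: In the `#else` branch the unbounded `vsprintf(buf, format, ap)` can overwrite the terminator that this hunk moves in front of the call, so the following `strlen(buf)` is no longer guaranteed to stop inside the `VSNP_BUF_SIZE` allocation. On the `vsnprintf(buf, n, ...)` path the early store is harmless, since the same commit caps `n`, but the fallback path loses the bound that the old post-call store gave it. I would keep a second `buf[VSNP_BUF_SIZE - 1] = '\0';` directly after the `vsprintf` line. A comment there should say that the length check below can only detect an overflow after the out-of-bounds write has already happened, so it is detection rather than prevention. The body of the `if (len >= VSNP_BUF_SIZE - 1)` block is outside the hunk.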