Subject: Re: lib/35401: blubb
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: netbsd-bugs
Date: 01/11/2007 03:00:06
The following reply was made to PR lib/35401; it has been noted by GNATS.

From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, lib-bug-people@netbsd.org,
	gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: lib/35401: blubb
Date: Wed, 10 Jan 2007 21:57:58 -0500

 On Jan 10, 11:45pm, andreas.wiese@instandbesetzt.net (Andreas Wiese) wrote:
 -- Subject: lib/35401: blubb
 
 How about this:
 
 christos
 
 Index: vfprintf.c
 ===================================================================
 RCS file: /cvsroot/src/lib/libc/stdio/vfprintf.c,v
 retrieving revision 1.54
 diff -u -u -r1.54 vfprintf.c
 --- vfprintf.c	30 Oct 2006 05:10:40 -0000	1.54
 +++ vfprintf.c	11 Jan 2007 02:56:58 -0000
 @@ -353,6 +353,8 @@
  		if ((m = fmt - cp) != 0) {
  			PRINT(cp, m);
  			ret += m;
 +			if (ret < 0)
 +				goto ovfl;
  		}
  		if (n <= 0)
  			goto done;
 @@ -798,6 +800,8 @@
  
  		/* finally, adjust ret */
  		ret += width > realsz ? width : realsz;
 +		if (ret < 0)
 +			goto ovfl;
  
  		FLUSH();	/* copy out the I/O vectors */
  	}
 @@ -811,6 +815,9 @@
  	if (__sferror(fp))
  		ret = -1;
  	return (ret);
 +ovfl:
 +	errno = ERANGE;
 +	return -1;
  }
  
  #ifndef NO_FLOATING_POINT