LibC: Stop stdio from adding null terminators out of bounds (#685)

When using the bounded string operations (e.g. snprintf), the null terminator was always being written even if there was no space for it (or indeed any valid buffer at all) This overwriting caused segmentation faults and memory corruption
Author: https://github.com/kyllikki Commit: https://github.com/SerenityOS/serenity/commit/1be4c6e9cfc Pull-request: https://github.com/SerenityOS/serenity/pull/685
2024-11-10 13:00:29 +03:00 · 2019-10-24 13:12:37 +01:00 · 2019-10-24 13:12:37 +01:00 · 1be4c6e9cf · 2024-07-19 11:33:32 +09:00
commit 1be4c6e9cf
parent bddabad3d9
1 changed files with 3 additions and 3 deletions
--- a/Libraries/LibC/stdio.cpp
+++ b/Libraries/LibC/stdio.cpp
@ -395,7 +395,6 @@ int sprintf(char* buffer, const char* fmt, ...)
    va_list ap;
    va_start(ap, fmt);
    int ret = vsprintf(buffer, fmt, ap);
-    buffer[ret] = '\0';
    va_end(ap);
    return ret;
 }
@ -413,7 +412,9 @@ int vsnprintf(char* buffer, size_t size, const char* fmt, va_list ap)
 {
    __vsnprintf_space_remaining = size;
    int ret = printf_internal(sized_buffer_putch, buffer, fmt, ap);
-    buffer[ret] = '\0';
+    if (__vsnprintf_space_remaining) {
+	    buffer[ret] = '\0';
+    }
    return ret;
 }

@ -422,7 +423,6 @@ int snprintf(char* buffer, size_t size, const char* fmt, ...)
    va_list ap;
    va_start(ap, fmt);
    int ret = vsnprintf(buffer, size, fmt, ap);
-    buffer[ret] = '\0';
    va_end(ap);
    return ret;
 }