
Commit f89f05b

authored
Merge pull request #821 from tsundre/fix-msgpack_checked_call
Correctly check return value of snprintf
2 parents bd5f814 + bf6cc03 commit f89f05b


3 files changed

+44
-2
lines changed


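--- a/include/msgpack/sysdep.h
+++ b/include/msgpack/sysdep.h
@@ -14,7 +14,7 @@
 #include <stddef.h>
 
 #if defined(_MSC_VER) && _MSC_VER <= 1800
-# define snprintf(buf, len, format,...) _snprintf_s(buf, len, len, format, __VA_ARGS__)
+# define snprintf(buf, len, format,...) _snprintf_s(buf, len, _TRUNCATE, format, __VA_ARGS__)
 #endif
 
 #if defined(_MSC_VER) && _MSC_VER < 1600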
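Review bot: The `snprintf` shim on the added line does not have C99 return semantics, and nothing at the definition says so. With `_TRUNCATE`, `_snprintf_s` returns -1 when the output does not fit, whereas C99 `snprintf` returns the length that would have been written, so a caller that bounds-checks from the return value must treat a negative result as truncation too. I would add a comment above the macro, for example `/* MSVC <= 1800: returns -1 on truncation, not the would-be length; callers must reject ret < 0 as well as ret >= len. */`. Because this is a header under include/, the redefinition presumably also reaches code that includes msgpack, which makes a documented contract more important.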

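--- a/src/objectc.c
+++ b/src/objectc.c
@@ -256,7 +256,7 @@ void msgpack_object_print(FILE* out, msgpack_object o)
 
 #define MSGPACK_CHECKED_CALL(ret, func, aux_buffer, aux_buffer_size, ...) \
 ret = func(aux_buffer, aux_buffer_size, __VA_ARGS__); \
-if (ret <= 0 || ret > (int)aux_buffer_size) return 0; \
+if (ret <= 0 || ret >= (int)aux_buffer_size) return 0; \
 aux_buffer = aux_buffer + ret; \
 aux_buffer_size = aux_buffer_size - ret \
 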
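Review bot: The bound in `MSGPACK_CHECKED_CALL` is still compared after narrowing the size to `int`, which is the wrong direction for the cast. If `aux_buffer_size` is a `size_t` (its declaration is outside the hunk), a size above `INT_MAX` converts to an implementation-defined, possibly negative value and the comparison no longer reflects the real remaining space. Once `ret <= 0` has been ruled out, widening `ret` is lossless: `if (ret <= 0 || (size_t)ret >= aux_buffer_size) return 0; \`. The macro also hides a `return 0` and advances the caller's pointer and size in place, so a short comment above it stating both, and that `ret == aux_buffer_size` means the output was truncated, would help the next reader.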

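--- a/test/msgpack_c.cpp
+++ b/test/msgpack_c.cpp
@@ -1368,3 +1368,45 @@ TEST(MSGPACKC, vref_buffer_overflow)
 EXPECT_FALSE(msgpack_vrefbuffer_init(&vbuf, ref_size, chunk_size));
 EXPECT_EQ(-1, msgpack_vrefbuffer_migrate(&vbuf, &to));
 }
+
+TEST(MSGPACKC, object_print_buffer_overflow) {
+msgpack_object obj;
+obj.type = MSGPACK_OBJECT_NIL;
+char buffer[4];
+
+int ret;
+ret = msgpack_object_print_buffer(buffer, 1, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 2, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 3, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 4, obj);
+EXPECT_EQ(3, ret);
+EXPECT_STREQ("nil", buffer);
+}
+
+TEST(MSGPACKC, object_bin_print_buffer_overflow) {
+msgpack_object obj;
+obj.type = MSGPACK_OBJECT_BIN;
+obj.via.bin.ptr = "test";
+obj.via.bin.size = 4;
+char buffer[7];
+
+int ret;
+ret = msgpack_object_print_buffer(buffer, 1, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 2, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 3, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 4, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 5, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 6, obj);
+EXPECT_EQ(0, ret);
+ret = msgpack_object_print_buffer(buffer, 7, obj);
+EXPECT_EQ(6, ret);
+EXPECT_STREQ("\"test\"", buffer);
+}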
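Review bot: Both new tests check only the return value on the too-small sizes, so a write past the declared length would go unnoticed as long as the function still returned 0. `buffer` is also left uninitialized, so its contents after a failing call are never inspected. Pre-filling it, e.g. `memset(buffer, 'X', sizeof(buffer));` before the calls, and asserting a guard byte after an undersized call, e.g. `EXPECT_EQ('X', buffer[3]);` after the size-3 call in `object_print_buffer_overflow`, would turn these into real bounds tests. Only the NIL and BIN paths are exercised here; if other object types go through the same checked-call macro, one STR or ARRAY case would cover the pointer-advance arithmetic across more than two calls.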
