emelie/tidy-html5
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #662 from htacg/issue-655

Browse source 
Issue #655 - Fix unsafe use of output buffer as input param - closes #655
This commit is contained in:
Geoff McLane 2018-01-01 18:22:57 +01:00 committed by GitHub
parent 5408bb70fd 629843401d
commit 1db2208106
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/messageobj.c
View file

@ -158,8 +158,17 @@ static TidyMessageImpl *tidyMessageCreateInitV( TidyDocImpl *doc,
if ( ( cfgBool(doc, TidyMuteShow) == yes ) && level <= TidyFatal )
{
TY_(tmbsnprintf)(result->messageOutputDefault, sizeMessageBuf, "%s (%s)", result->messageOutputDefault, TY_(tidyErrorCodeAsKey)(code) );
TY_(tmbsnprintf)(result->messageOutput, sizeMessageBuf, "%s (%s)", result->messageOutput, TY_(tidyErrorCodeAsKey)(code) );
/*\ Issue #655 - Unsafe to use output buffer as one of the va_list
* input parameters in some snprintf implmentations.
\*/
ctmbstr pc = TY_(tidyErrorCodeAsKey)(code);
i = TY_(tmbstrlen)(result->messageOutputDefault);
if (i < sizeMessageBuf)
TY_(tmbsnprintf)(result->messageOutputDefault + i, sizeMessageBuf - i, " (%s)", pc );
i = TY_(tmbstrlen)(result->messageOutput);
if (i < sizeMessageBuf)
TY_(tmbsnprintf)(result->messageOutput + i, sizeMessageBuf - i, " (%s)", pc );
i = 0;
}
result->allowMessage = yes;