Issue #655 - Fix unsafe use of output buffer as input param

2017-12-16 21:10:04 +01:00 · 2017-12-16 21:10:04 +01:00 · 629843401d
parent f0438bd4b8
commit 629843401d
1 changed files with 11 additions and 2 deletions
--- a/src/messageobj.c
+++ b/src/messageobj.c
@ -158,8 +158,17 @@ static TidyMessageImpl *tidyMessageCreateInitV( TidyDocImpl *doc,

    if ( ( cfgBool(doc, TidyMuteShow) == yes ) && level <= TidyFatal )
    {
-        TY_(tmbsnprintf)(result->messageOutputDefault, sizeMessageBuf, "%s (%s)", result->messageOutputDefault, TY_(tidyErrorCodeAsKey)(code) );
-        TY_(tmbsnprintf)(result->messageOutput, sizeMessageBuf, "%s (%s)", result->messageOutput, TY_(tidyErrorCodeAsKey)(code) );
+        /*\ Issue #655 - Unsafe to use output buffer as one of the va_list
+         *  input parameters in some snprintf implmentations.
+        \*/
+        ctmbstr pc = TY_(tidyErrorCodeAsKey)(code);
+        i = TY_(tmbstrlen)(result->messageOutputDefault);
+        if (i < sizeMessageBuf)
+            TY_(tmbsnprintf)(result->messageOutputDefault + i, sizeMessageBuf - i, " (%s)", pc );
+        i = TY_(tmbstrlen)(result->messageOutput);
+        if (i < sizeMessageBuf)
+            TY_(tmbsnprintf)(result->messageOutput + i, sizeMessageBuf - i, " (%s)", pc );
+        i = 0;
    }

    result->allowMessage = yes;