From 71f6e3a21f9a7e21308f4f26471c24746607c8b9 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 23 Apr 2021 18:06:37 +0200 Subject: [PATCH] Merge pull request #2687 from rouault/pj_vlog_buffer_overflow pj_vlog(): fix buffer overflow in case of super lengthy error message --- src/log.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/log.cpp b/src/log.cpp index c50b0ebc88..6bad34d44d 100644 --- a/src/log.cpp +++ b/src/log.cpp @@ -49,7 +49,7 @@ void pj_stderr_logger( void *app_data, int level, const char *msg ) /* pj_vlog() */ /************************************************************************/ void pj_vlog( PJ_CONTEXT *ctx, int level, const char *fmt, va_list args ); -/* Workhorse for the log functions - relates to pj_log as vsprintf relates to sprintf */ + void pj_vlog( PJ_CONTEXT *ctx, int level, const char *fmt, va_list args ) { @@ -67,12 +67,13 @@ void pj_vlog( PJ_CONTEXT *ctx, int level, const char *fmt, va_list args ) if( level > debug_level ) return; - msg_buf = (char *) malloc(100000); + constexpr size_t BUF_SIZE = 100000; + msg_buf = (char *) malloc(BUF_SIZE); if( msg_buf == nullptr ) return; - /* we should use vsnprintf where available once we add configure detect.*/ - vsprintf( msg_buf, fmt, args ); + vsnprintf( msg_buf, BUF_SIZE, fmt, args ); + msg_buf[BUF_SIZE-1] = '\0'; ctx->logger( ctx->logger_app_data, level, msg_buf );