libc/minimal: snprintf(): KILL negative len parameter

snprintf() implements the ability to foce a negative value through the (unsigned) size_t len parameter to allow the formatter to use a maximum size string. This is point less, we don't have as much memory and this is a recipe for all kinds of vulnerabilities. Kill the whole thing, the testcase it represents and thank Coverity for finding this thing. Whatever use it had before, it has no more. Change-Id: If422246548664699d8aa328a1b9304ef13cab7ea Coverity-ID: 131625 Coverity-ID: 131626 Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
2016-11-22 11:20:55 -08:00 · 2016-11-22 11:20:55 -08:00 · b53e6d7774
commit b53e6d7774
parent 1ce435b646
2 changed files with 4 additions and 53 deletions
--- a/lib/libc/minimal/source/stdout/sprintf.c
+++ b/lib/libc/minimal/source/stdout/sprintf.c
@ -45,12 +45,8 @@ int snprintf(char *_Restrict s, size_t len, const char *_Restrict format, ...)
 	int     r;
 	char    dummy;

-	if ((int) len <= 0) {
-		if (len == 0) {
-			s = &dummy; /* write final NUL to dummy, since can't change *s */
-		} else {
-		len = 0x7fffffff;  /* allow up to "maxint" characters */
-		}
+	if (len == 0) {
+		s = &dummy; /* write final NUL to dummy, can't change *s */
 	}

 	p.ptr = s;
@ -88,12 +84,8 @@ int vsnprintf(char *_Restrict s, size_t len, const char *_Restrict format, va_li
 	int     r;
 	char    dummy;

-	if ((int) len <= 0) {
-		if (len == 0) {
-			s = &dummy; /* write final NUL to dummy, since can't change *s */
-		} else {
-			len = 0x7fffffff;  /* allow up to "maxint" characters */
-		}
+	if (len == 0) {
+		s = &dummy; /* write final NUL to dummy, can't change * *s */
 	}

 	p.ptr = s;