From 85b06f9365ae6776deb9fcf09f450f777ace9e34 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Mon, 11 Jun 2012 14:29:30 -0700 Subject: [PATCH] inet_ntop: pass the size of tmp to snprintf() Fix runtime error when snprintf() FORTIFY_SOURCE protections are applied. The size passed to snprintf() is larger than the tmp buffer size, which results in a runtime assertion failure. Even though the size passed to snprintf is larger than the buffer, there's no danger of overwriting the buffer because of the format string passed to snprintf. Change-Id: I35f0217d25f3b9c6d04c5a76c3238759c235545a --- libc/inet/inet_ntop.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libc/inet/inet_ntop.c b/libc/inet/inet_ntop.c index 5748da3c4..c3448f1e5 100644 --- a/libc/inet/inet_ntop.c +++ b/libc/inet/inet_ntop.c @@ -75,8 +75,13 @@ inet_ntop4(const u_char *src, char *dst, size_t size) char tmp[sizeof "255.255.255.255"]; int l; +#if defined(ANDROID_CHANGES) + l = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]); + if (l <= 0 || (size_t)l >= size || (size_t)l >= sizeof(tmp)) { +#else l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); if (l <= 0 || (size_t)l >= size) { +#endif errno = ENOSPC; return (NULL); }