diff --git a/src/objectc.c b/src/objectc.c
index 04baad1c..b730a284 100644
--- a/src/objectc.c
+++ b/src/objectc.c
@@ -256,7 +256,7 @@ void msgpack_object_print(FILE* out, msgpack_object o)
 #define MSGPACK_CHECKED_CALL(ret, func, aux_buffer, aux_buffer_size, ...) \
 ret = func(aux_buffer, aux_buffer_size, __VA_ARGS__); \
- if (ret <= 0 || ret > (int)aux_buffer_size) return 0; \
+ if (ret <= 0 || ret >= (int)aux_buffer_size) return 0; \
 aux_buffer = aux_buffer + ret; \
 aux_buffer_size = aux_buffer_size - ret \
diff --git a/test/msgpack_c.cpp b/test/msgpack_c.cpp
index cb70dfc9..4c94054f 100644
--- a/test/msgpack_c.cpp
+++ b/test/msgpack_c.cpp
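Review bot: The corrected bound in MSGPACK_CHECKED_CALL still compares through `(int)aux_buffer_size`, which narrows the size before the comparison. If the size is a `size_t` above INT_MAX (its declaration is outside the hunk, so this is inferred from the cast), the converted value is implementation-defined and the check no longer compares real lengths. Because `ret <= 0` is tested first, the comparison can stay in the unsigned domain: `if (ret <= 0 || (size_t)ret >= aux_buffer_size) return 0; \`. A short comment above the macro would record why `>=` is the right operator: `func` follows the snprintf contract, where the return value excludes the terminating NUL and a value equal to the size already means truncation. The comment could also note that the expansion contains a hidden `return 0` and is only usable as a full statement inside a function returning int.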
@@ -1368,3 +1368,45 @@ TEST(MSGPACKC, vref_buffer_overflow)
 EXPECT_FALSE(msgpack_vrefbuffer_init(&vbuf, ref_size, chunk_size));
 EXPECT_EQ(-1, msgpack_vrefbuffer_migrate(&vbuf, &to));
 }
+
+TEST(MSGPACKC, object_print_buffer_overflow) {
+ msgpack_object obj;
+ obj.type = MSGPACK_OBJECT_NIL;
+ char buffer[4];
+
+ int ret;
+ ret = msgpack_object_print_buffer(buffer, 1, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 2, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 3, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 4, obj);
+ EXPECT_EQ(3, ret);
+ EXPECT_STREQ("nil", buffer);
+}
+
+TEST(MSGPACKC, object_bin_print_buffer_overflow) {
+ msgpack_object obj;
+ obj.type = MSGPACK_OBJECT_BIN;
+ obj.via.bin.ptr = "test";
+ obj.via.bin.size = 4;
+ char buffer[7];
+
+ int ret;
+ ret = msgpack_object_print_buffer(buffer, 1, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 2, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 3, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 4, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 5, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 6, obj);
+ EXPECT_EQ(0, ret);
+ ret = msgpack_object_print_buffer(buffer, 7, obj);
+ EXPECT_EQ(6, ret);
+ EXPECT_STREQ("\"test\"", buffer);
+}
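Review bot: The undersized cases in both new tests assert only the return value, so they cannot detect a write past the `size` argument. Since `buffer` is always declared at its full length (4 and 7), such a write would still land inside the array and neither the assertions nor a memory sanitizer would flag it. Filling the array with a sentinel before each call, `memset(buffer, 0x7f, sizeof(buffer));`, and checking the first byte beyond the passed size afterwards, e.g. `EXPECT_EQ(0x7f, buffer[3]);` after the size-3 call, would pin the bound as well as the result. A one-line comment naming the size-3 and size-6 calls as the regression cases (output length equal to the buffer size) would help readers see which line guards the `>=` change.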