resolved buffer overflow in snprintfz(); code cleanup;

[netdata.git] / src / web_buffer.c

diff --git a/src/web_buffer.c b/src/web_buffer.c
index 1e7e2534f73ced3c094c24d1dda81deb26476a97..a0f1537219cfb580941124d83dabe1f7347e0d0d 100644 (file)
--- a/src/web_buffer.c
+++ b/src/web_buffer.c
@@ -80,13 +80,14 @@ void buffer_strcat(BUFFER *wb, const char *txt)
 
        buffer_need_bytes(wb, 1);
 
-       char *s = &wb->buffer[wb->len], *end = &wb->buffer[wb->size];
+       char *s = &wb->buffer[wb->len], *start, *end = &wb->buffer[wb->size];
        long len = wb->len;
 
-       while(*txt && s != end) {
+       start = s;
+       while(*txt && s != end)
                *s++ = *txt++;
-               len++;
-       }
+
+       len += s - start;
 
        wb->len = len;
        buffer_overflow_check(wb);
@@ -110,7 +111,7 @@ void buffer_snprintf(BUFFER *wb, size_t len, const char *fmt, ...)
 {
        if(unlikely(!fmt || !*fmt)) return;
 
-       buffer_need_bytes(wb, len+1);
+       buffer_need_bytes(wb, len + 1);
 
        va_list args;
        va_start(args, fmt);
@@ -126,9 +127,9 @@ void buffer_vsprintf(BUFFER *wb, const char *fmt, va_list args)
 {
        if(unlikely(!fmt || !*fmt)) return;
 
-       buffer_need_bytes(wb, 1);
+       buffer_need_bytes(wb, 2);
 
-       size_t len = wb->size - wb->len;
+       size_t len = wb->size - wb->len - 1;
 
        wb->len += vsnprintfz(&wb->buffer[wb->len], len, fmt, args);
 
@@ -141,9 +142,10 @@ void buffer_sprintf(BUFFER *wb, const char *fmt, ...)
 {
        if(unlikely(!fmt || !*fmt)) return;
 
-       buffer_need_bytes(wb, 1);
+       buffer_need_bytes(wb, 2);
 
-       size_t len = wb->size - wb->len, wrote;
+       size_t len = wb->size - wb->len - 1;
+       size_t wrote;
 
        va_list args;
        va_start(args, fmt);