clean up the previous underflow check, and also point out

yet another one that may be a problem. nick? svn:r3016
author: Roger Dingledine <arma@torproject.org> 2004-11-29 08:40:24 +0000
committer: Roger Dingledine <arma@torproject.org> 2004-11-29 08:40:24 +0000
commit: 671a2de762e7b151710484cef2973bb6ef42ec66 (patch)
tree: 3c2328ad517cf8969fce8d72010a7489ee9ac034
parent: c1dc17e6e2f194d8c7078218be96cb96b9aaa6bd (diff)
download: tor-671a2de762e7b151710484cef2973bb6ef42ec66.tar.gz
tor-671a2de762e7b151710484cef2973bb6ef42ec66.zip
1 files changed, 4 insertions, 5 deletions
diff --git a/src/common/log.c b/src/common/log.c
index 4e4bc1862b..82211c98c9 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -122,10 +122,8 @@ static INLINE char *format_msg(char *buf, size_t buf_len,
   size_t n;
   int r;
   char *end_of_prefix;
-  if (buf_len < 2) { /* prevent integer underflow */
-    tor_assert(0);
-    exit(1);
-  }
+
+  tor_assert(buf_len >= 2); /* prevent integer underflow */
   buf_len -= 2; /* subtract 2 characters so we have room for \n\0 */
 
   n = _log_prefix(buf, buf_len, severity);
@@ -141,7 +139,8 @@ static INLINE char *format_msg(char *buf, size_t buf_len,
 
   r = tor_vsnprintf(buf+n,buf_len-n,format,ap);
   if (r < 0) {
-    n = buf_len-2;
+    n = buf_len-2; /* XXX is this line redundant with the -=2 above,
+                      and also a source of underflow danger? */
     strlcpy(buf+buf_len-TRUNCATED_STR_LEN-1, TRUNCATED_STR,
             buf_len-(buf_len-TRUNCATED_STR_LEN-1));
   } else {
author	Roger Dingledine <arma@torproject.org>	2004-11-29 08:40:24 +0000
committer	Roger Dingledine <arma@torproject.org>	2004-11-29 08:40:24 +0000
commit	671a2de762e7b151710484cef2973bb6ef42ec66 (patch)
tree	3c2328ad517cf8969fce8d72010a7489ee9ac034
parent	c1dc17e6e2f194d8c7078218be96cb96b9aaa6bd (diff)
download	tor-671a2de762e7b151710484cef2973bb6ef42ec66.tar.gz tor-671a2de762e7b151710484cef2973bb6ef42ec66.zip