From 531c060b3690e5e303f60f8434f4049ebaa8a479 Mon Sep 17 00:00:00 2001
From: Roger Dingledine <arma@torproject.org>
Date: Mon, 29 Nov 2004 06:49:04 +0000
Subject: fix integer underflow in tor_vsnprintf() (probably exploitable)

svn:r3011
---
 src/common/compat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index d46077485a..da2b8a143d 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -90,12 +90,14 @@ int tor_snprintf(char *str, size_t size, const char *format, ...)
   return r;
 }
 
-/** Replacement for vsnpritnf; behavior differs as tor_snprintf differs from
+/** Replacement for vsnprintf; behavior differs as tor_snprintf differs from
  * snprintf.
  */
 int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
 {
   int r;
+  if (size == 0)
+    return -1; /* no place for the NUL */
 #ifdef MS_WINDOWS
   r = _vsnprintf(str, size, format, args);
 #else
-- 
cgit v1.2.3-54-g00ecf