Merge pull request #662 from htacg/issue-655

geoffmcl · web-flow · commit 1db220810633 · 2018-01-01T18:22:57.000+01:00
Issue #655 - Fix unsafe use of output buffer as input param - closes #655
diff --git a/src/messageobj.c b/src/messageobj.c
@@ -158,8 +158,17 @@ static TidyMessageImpl *tidyMessageCreateInitV( TidyDocImpl *doc,
 
     if ( ( cfgBool(doc, TidyMuteShow) == yes ) && level <= TidyFatal )
     {
-        TY_(tmbsnprintf)(result->messageOutputDefault, sizeMessageBuf, "%s (%s)", result->messageOutputDefault, TY_(tidyErrorCodeAsKey)(code) );
-        TY_(tmbsnprintf)(result->messageOutput, sizeMessageBuf, "%s (%s)", result->messageOutput, TY_(tidyErrorCodeAsKey)(code) );
+        /*\ Issue #655 - Unsafe to use output buffer as one of the va_list
+         *  input parameters in some snprintf implmentations.
+        \*/
+        ctmbstr pc = TY_(tidyErrorCodeAsKey)(code);
+        i = TY_(tmbstrlen)(result->messageOutputDefault);
+        if (i < sizeMessageBuf)
+            TY_(tmbsnprintf)(result->messageOutputDefault + i, sizeMessageBuf - i, " (%s)", pc );
+        i = TY_(tmbstrlen)(result->messageOutput);
+        if (i < sizeMessageBuf)
+            TY_(tmbsnprintf)(result->messageOutput + i, sizeMessageBuf - i, " (%s)", pc );
+        i = 0;
     }
 
     result->allowMessage = yes;
