It is indeed an error, but luckily I think dprintf_formatf never actually returns -1 inside libcurl so this error never happens. Should still fix of course.
This function no longer returns a negative value if the formatting
string is bad since the return value would sometimes be propagated as a
return code from the mprintf* functions and they are documented to
return the length of the output. Which cannot be negative.
Fixes #9149
Reported-by: yiyuaner on github
In the file lib/sendf.c, the function Curl_infof has the following code:
Since the function mvsnprintf may return -1 (see the code here), the following buffer access buffer[len++] can trigger a buffer overrun.
Similarly, the code for Curl_failf may trigger buffer overrun too:
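The pattern from the report, as an added example that is not curl's code and not part of the issue or the fix: a formatter that can return -1 feeding a `buffer[len++]` write, with the return value checked first. `fmt_may_fail` and `format_line` are hypothetical names, and a NULL format string is the constructed failure case.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a vsnprintf-style formatter that reports
   failure as -1. It is not curl's mvsnprintf. */
static int fmt_may_fail(char *buf, size_t size, const char *fmt, va_list ap)
{
  int n;
  if(!fmt)
    return -1;               /* constructed failure: no format string */
  n = vsnprintf(buf, size, fmt, ap);
  if(n < 0)
    return -1;
  if((size_t)n >= size)      /* truncated: report bytes actually stored */
    n = (int)(size - 1);
  return n;
}

/* Format, then append '\n' and the terminator. Unchecked, len == -1 would
   make buf[len++] write one byte before the buffer; here len is validated
   and one byte is reserved so the newline always fits.
   Returns the final length, or -1 on failure. */
static int format_line(char *buf, size_t size, const char *fmt, ...)
{
  va_list ap;
  int len;
  if(size < 2)
    return -1;               /* no room for '\n' plus terminator */
  va_start(ap, fmt);
  len = fmt_may_fail(buf, size - 1, fmt, ap);
  va_end(ap);
  if(len < 0) {
    buf[0] = '\0';           /* leave an empty string, never index with -1 */
    return -1;
  }
  buf[len++] = '\n';
  buf[len] = '\0';
  return len;
}

int main(void)
{
  char buf[32];
  int len = format_line(buf, sizeof(buf), "%s %d", "hello", 7);
  printf("%d %s", len, buf);
  printf("%d\n", format_line(buf, sizeof(buf), NULL));
  return 0;
}
```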