@@ -443,19 +443,34 @@ static void upnp_event_prepare(struct upnp_event_notify * obj)
443443 l = 0 ;
444444 }
445445 obj -> buffersize = 1024 ;
446- obj -> buffer = malloc (obj -> buffersize );
447- if (!obj -> buffer ) {
448- syslog (LOG_ERR , "%s: malloc returned NULL" , "upnp_event_prepare" );
449- if (xml ) {
450- free (xml );
446+ for (;;) {
447+ obj -> buffer = malloc (obj -> buffersize );
448+ if (!obj -> buffer ) {
449+ syslog (LOG_ERR , "%s: malloc returned NULL" , "upnp_event_prepare" );
450+ if (xml ) {
451+ free (xml );
452+ }
453+ obj -> state = EError ;
454+ return ;
451455 }
452- obj -> state = EError ;
453- return ;
456+ obj -> tosend = snprintf (obj -> buffer , obj -> buffersize , notifymsg ,
457+ obj -> path , obj -> addrstr , obj -> portstr , l + 2 ,
458+ obj -> sub -> uuid , obj -> sub -> seq ,
459+ l , xml );
460+ if (obj -> tosend < 0 ) {
461+ syslog (LOG_ERR , "%s: snprintf() failed" , "upnp_event_prepare" );
462+ if (xml ) {
463+ free (xml );
464+ }
465+ obj -> state = EError ;
466+ return ;
467+ } else if (obj -> tosend < obj -> buffersize ) {
468+ break ; /* the buffer was large enough */
469+ }
470+ /* Try again with a buffer big enough */
471+ free (obj -> buffer );
472+ obj -> buffersize = obj -> tosend + 1 ; /* reserve space for the final 0 */
454473 }
455- obj -> tosend = snprintf (obj -> buffer , obj -> buffersize , notifymsg ,
456- obj -> path , obj -> addrstr , obj -> portstr , l + 2 ,
457- obj -> sub -> uuid , obj -> sub -> seq ,
458- l , xml );
459474 if (xml ) {
460475 free (xml );
461476 xml = NULL ;
0 commit comments