Hi
VirBufferVSprintf() loops endless when it receives over 2000 bytes,
because the return value of vsnprintf() is more than "size - 1".
It is because the maximum of "size" is 1999 bytes.
--> the maximum of "buf->size - buf->use" = 2000
(1000(argument of virBufferGrow()) + 1000(set in virBufferGrow()))
So, virBufferEscapeString() has the same problem.
This patch sets to virBufferGrow() the size of the data
which VirBufferVSprintf()(virBufferEscapeString()) received
when it is over 1000 bytes.
Signed-off-by: Masayuki Sunou <fj1826dm(a)aa.jp.fujitsu.com>
Thanks,
Masayuki Sunou.
----------------------------------------------------------------------
Index: src/buf.c
===================================================================
RCS file: /data/cvs/libvirt/src/buf.c,v
retrieving revision 1.3
diff -u -p -r1.3 buf.c
--- src/buf.c 9 Jul 2007 11:24:52 -0000 1.3
+++ src/buf.c 24 Aug 2007 05:56:37 -0000
@@ -159,7 +159,7 @@ virBufferContentAndFree (virBufferPtr bu
int
virBufferVSprintf(virBufferPtr buf, const char *format, ...)
{
- int size, count;
+ int size, count, grow_size;
va_list locarg, argptr;
if ((format == NULL) || (buf == NULL)) {
@@ -172,7 +172,8 @@ virBufferVSprintf(virBufferPtr buf, cons
locarg)) < 0) || (count >= size - 1)) {
buf->content[buf->use] = 0;
va_end(locarg);
- if (virBufferGrow(buf, 1000) < 0) {
+ grow_size = (count > 1000) ? count : 1000;
+ if (virBufferGrow(buf, grow_size) < 0) {
return (-1);
}
size = buf->size - buf->use - 1;
@@ -198,7 +199,7 @@ virBufferVSprintf(virBufferPtr buf, cons
int
virBufferEscapeString(virBufferPtr buf, const char *format, const char *str)
{
- int size, count, len;
+ int size, count, len, grow_size;
char *escaped, *out;
const char *cur;
@@ -248,7 +249,8 @@ virBufferEscapeString(virBufferPtr buf,
while (((count = snprintf(&buf->content[buf->use], size, format,
(char *)escaped)) < 0) || (count >= size - 1)) {
buf->content[buf->use] = 0;
- if (virBufferGrow(buf, 1000) < 0) {
+ grow_size = (count > 1000) ? count : 1000;
+ if (virBufferGrow(buf, grow_size) < 0) {
free(escaped);
return (-1);
}
----------------------------------------------------------------------