Buffer overrun fix. fixes: bug #787

author: Nigel Metheringham <nigel@exim.org> 2008-12-12 14:36:37 +0000
committer: Nigel Metheringham <nigel@exim.org> 2008-12-12 14:36:37 +0000
commit: 24c929a27415c7cfc7126c47e4cad39acf3efa6b (patch)
tree: 70ba197f7c6e9f60a548d23243b0218a9e5ba1a2 /src
parent: f44cbc208bbc37a70e527d4ed3ab517b63f0d950 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/src/string.c b/src/src/string.c
index 20bd1d1f3..83455294d 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/string.c,v 1.13 2007/02/26 14:07:04 ph10 Exp $ */
+/* $Cambridge: exim/src/src/string.c,v 1.14 2008/12/12 14:36:37 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1267,10 +1267,17 @@ while (*fp != 0)
     not OK, add part of the string (debugging uses this to show as
     much as possible). */
 
+    if (p == last)
+      {
+      yield = FALSE;
+      goto END_FORMAT;
+      }
     if (p >= last - width)
       {
       yield = FALSE;
       width = precision = last - p - 1;
+      if (width < 0) width = 0;
+      if (precision < 0) precision = 0;
       }
     sprintf(CS p, "%*.*s", width, precision, s);
     if (fp[-1] == 'S')
author	Nigel Metheringham <nigel@exim.org>	2008-12-12 14:36:37 +0000
committer	Nigel Metheringham <nigel@exim.org>	2008-12-12 14:36:37 +0000
commit	24c929a27415c7cfc7126c47e4cad39acf3efa6b (patch)
tree	70ba197f7c6e9f60a548d23243b0218a9e5ba1a2 /src
parent	f44cbc208bbc37a70e527d4ed3ab517b63f0d950 (diff)