Bug in talloc_asprintf_append()

Jeremy Allison jra at samba.org
Wed Sep 12 21:12:56 GMT 2007


	The talloc_asprintf_append() function doesn't take
into account a truncated string.

Imagine the following :

	/* talloc a 10 byte string. */
	char *s = talloc_strdup(NULL, "0123456789");

	s[5] = '\0';

	s = talloc_asprintf_append(s,

The result of s will be :


instead of :


As the code in talloc_vasprintf_append()
calcualtes the size as :

tc = talloc_chunk_from_ptr(s);
s_len = tc->size - 1;

Reallocs as :

s = talloc_realloc(NULL, s, char, s_len + len+1);

and finally prints as :

vsnprintf(s+s_len, len+1, fmt, ap2);

I think s_len should be strlen(s) instead.

Do you concur ?

This has tripped me up in the talloc rewrite for
the Samba3 file serving paths, and I want to know
that it's not intentional (I don't think it could
be, but you never know).


More information about the samba-technical mailing list