diff options
| author | Michael Brown <mcb30@ipxe.org> | 2023-10-24 11:43:56 +0100 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2023-10-24 11:43:56 +0100 |
| commit | 115707c0edebad65f87525fed583fef73880016d (patch) | |
| tree | 189fa7a9b67bd10f2286b4366572d789e627a13c | |
| parent | ff0f860483e344f1af633f94696ff7bc1854611f (diff) | |
| download | ipxe-115707c0edebad65f87525fed583fef73880016d.zip ipxe-115707c0edebad65f87525fed583fef73880016d.tar.gz ipxe-115707c0edebad65f87525fed583fef73880016d.tar.bz2 | |
[iphone] Add missing va_start()/va_end() around reused argument list
The ipair_tx() function uses a va_list twice (first to calculate the
formatted string length before allocation, then to construct the
string in the allocated buffer) but is missing the va_start() and
va_end() around the second usage. This is undefined behaviour that
happens to work on some build platforms.
Fix by adding the missing va_start() and va_end() around the second
usage of the variadic argument list.
Reported-by: Andreas Hammarskjöld <andreas@2PintSoftware.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/drivers/net/iphone.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/drivers/net/iphone.c b/src/drivers/net/iphone.c index 7d0eb4b..bbac527 100644 --- a/src/drivers/net/iphone.c +++ b/src/drivers/net/iphone.c @@ -1304,7 +1304,9 @@ ipair_tx ( struct ipair *ipair, const char *fmt, ... ) { memset ( hdr, 0, sizeof ( *hdr ) ); hdr->len = htonl ( len ); msg = iob_put ( iobuf, len ); + va_start ( args, fmt ); vsnprintf ( msg, len, fmt, args ); + va_end ( args ); DBGC2 ( ipair, "IPAIR %p transmitting:\n%s\n", ipair, msg ); /* Transmit message */ |