From 97b193574876db5f75150558a31fe6d14879ca08 Mon Sep 17 00:00:00 2001 From: Yuan Yuan Date: Tue, 30 May 2023 19:20:09 +0000 Subject: [PATCH] lib: fix vtysh core when handling questionmark When issue vtysh command with ?, the initial buf size for the element is 16. Then it would loop through each element in the cmd output vector. If the required size for printing out the next element is larger than the current buf size, realloc the buf memory by doubling the current buf size regardless of the actual size that's needed. This would cause vtysh core when the doubled size is not enough for the next element. Signed-off-by: Yuan Yuan (cherry picked from commit f8aa257997a6a6f69ec5d5715ab04d7cbfae1d1c) --- lib/command.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/command.c b/lib/command.c index 6d023142ab..9359f9bf36 100644 --- a/lib/command.c +++ b/lib/command.c @@ -742,9 +742,13 @@ char *cmd_variable_comp2str(vector comps, unsigned short cols) char *item = vector_slot(comps, j); itemlen = strlen(item); - if (cs + itemlen + AUTOCOMP_INDENT + 3 >= bsz) - buf = XREALLOC(MTYPE_TMP, buf, (bsz *= 2)); + size_t next_sz = cs + itemlen + AUTOCOMP_INDENT + 3; + if (next_sz > bsz) { + /* Make sure the buf size is large enough */ + bsz = next_sz; + buf = XREALLOC(MTYPE_TMP, buf, bsz); + } if (lc + itemlen + 1 >= cols) { cs += snprintf(&buf[cs], bsz - cs, "\n%*s", AUTOCOMP_INDENT, "");