vmg / sundown

Standards compliant, fast, secure markdown processing library in C

bufprintf/vbufprintf corruption issue #78

Status: Closed (andre-d closed this 12 years ago)

andre-d commented 12 years ago

Related to: https://github.com/spladug/snudown/issues/1 and #75

In the event of the need to grow the buffer during vbufprintf, a corruption issue exists in the argument list. The state of an argument list after a call to vsnprintf is undefined. In the event of a buffer growth being needed, vbufprintf gets called again. However, this call is made without initializing the argument list again (va_start() must be called again). In the issue linked, a test case can be seen to reliably reproduce it (on 32-bit Linux).

https://github.com/andre-d/snudown/commit/a5269f9140502909094cb1bef96c977643ff4420 is a patch to correct the issue for snudown. The patch should apply for sundown also.

The patch simply wraps the calls to _buf_vsnprintf with va_start and va_end calls. Because va_start must be called within the function with the originating arguments, I have moved vbufprintf into bufprintf and removed vbufprintf.
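The following is an added example, not code from sundown, snudown or the patch above. It shows the defect class the issue describes (reusing a `va_list` after `vsnprintf` has consumed it) and one correct shape for a growable-buffer printf: instead of removing `vbufprintf`, the retry uses a `va_copy` taken before the first `vsnprintf`, so callers that already hold a `va_list` can still use it. The `struct buf`, `buf_grow`, field names and the 64-byte initial allocation are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer, modelled loosely on a "size used / size allocated" layout. */
struct buf {
    char *data;
    size_t size;   /* bytes in use (not counting the terminating NUL) */
    size_t asize;  /* bytes allocated */
};

/* Grow the allocation so that at least `need` bytes are available. */
static int buf_grow(struct buf *b, size_t need)
{
    size_t neosz = b->asize ? b->asize : 64;   /* 64 is an arbitrary starting size */
    char *p;

    while (neosz < need)
        neosz *= 2;
    p = realloc(b->data, neosz);
    if (!p)
        return -1;
    b->data = p;
    b->asize = neosz;
    return 0;
}

/*
 * Append formatted text. The first vsnprintf may report that the output was
 * truncated; after that call `ap` is indeterminate and must not be reused.
 * A copy taken beforehand (va_copy) is used for the retry into the grown buffer.
 */
int vbufprintf(struct buf *b, const char *fmt, va_list ap)
{
    va_list retry;
    int n;

    if (b->asize == 0 && buf_grow(b, 64) < 0)
        return -1;

    va_copy(retry, ap);   /* take the copy BEFORE vsnprintf consumes `ap` */
    n = vsnprintf(b->data + b->size, b->asize - b->size, fmt, ap);
    if (n >= 0 && (size_t)n >= b->asize - b->size) {
        /* Truncated: grow to fit n characters plus the NUL, then format again from the copy. */
        if (buf_grow(b, b->size + (size_t)n + 1) == 0)
            n = vsnprintf(b->data + b->size, b->asize - b->size, fmt, retry);
        else
            n = -1;
    }
    va_end(retry);

    if (n < 0)
        return -1;
    b->size += (size_t)n;
    return n;
}

/* Variadic front end: va_start/va_end wrap exactly one use of the list. */
int bufprintf(struct buf *b, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vbufprintf(b, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    struct buf b = { NULL, 0, 0 };
    char big[200];

    /* Constructed input: a 199-character string forces growth past the initial 64 bytes. */
    memset(big, 'x', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    bufprintf(&b, "%s=%d", "answer", 42);
    bufprintf(&b, "%s", big);
    printf("used=%zu allocated=%zu prefix=%.9s\n", b.size, b.asize, b.data);
    free(b.data);
    return 0;
}
```

The important ordering is that `va_copy` happens before the first `vsnprintf`, and that every `va_copy` is paired with a `va_end`; the original bug was precisely a second format pass run against a list that had already been consumed.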