From: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue, 19 Jan 2016 06:36:55 +0000 (+1030)
Subject: tal/str: fix infinite loop of tal_fmt() with empty string.
X-Git-Url: http://git.ozlabs.org/?p=ccan;a=commitdiff_plain;h=64e9e7145aac9502655c5799ab711b9766c1da57;ds=sidebyside

tal/str: fix infinite loop of tal_fmt() with empty string.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---

diff --git a/ccan/tal/str/str.c b/ccan/tal/str/str.c
index 83dac663..7adb9ef5 100644
--- a/ccan/tal/str/str.c
+++ b/ccan/tal/str/str.c
@@ -52,7 +52,7 @@ char *tal_fmt(const tal_t *ctx, const char *fmt, ...)
 static bool do_vfmt(char **buf, size_t off, const char *fmt, va_list ap)
 {
 	/* A decent guess to start. */
-	size_t max = strlen(fmt) * 2;
+	size_t max = strlen(fmt) * 2 + 1;
 	bool ok;
 
 	for (;;) {
diff --git a/ccan/tal/str/test/run-fmt-terminate.c b/ccan/tal/str/test/run-fmt-terminate.c
new file mode 100644
index 00000000..9dfd0015
--- /dev/null
+++ b/ccan/tal/str/test/run-fmt-terminate.c
@@ -0,0 +1,22 @@
+#include <ccan/tal/str/str.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ccan/tal/str/str.c>
+#include <ccan/tap/tap.h>
+#include "helper.h"
+
+/* Empty format string: should still terminate! */
+int main(int argc, char *argv[])
+{
+	char *str;
+	const char *fmt = "";
+
+	plan_tests(1);
+	/* GCC complains about empty format string, complains about non-literal
+	 * with no args... */
+	str = tal_fmt(NULL, fmt, "");
+	ok1(!strcmp(str, ""));
+	tal_free(str);
+
+	return exit_status();
+}