From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Tue, 22 Aug 2023 10:21:13 +0000 (+0200)
Subject: cmd: setexpr: fix printf_str()
X-Git-Tag: v2025.01-rc5-pxa1908~874^2~15
X-Git-Url: http://git.dujemihanovic.xyz/%22http:/www.sics.se/static/%7B%7B%20%24.Site.BaseURL%20%7D%7Dposts/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=175e4b01beed25dedbd17a082786ec2e6739f1b3;p=u-boot.git

cmd: setexpr: fix printf_str()

If vsnprintf() returns a negative number, (i >= remaining) will
possibly be true:

'i' is of type signed int and 'remaining' is of the unsigned type size_t.
The C language will convert i to an unsigned type before the comparison.

This can result in the wrong error type being indicated.

Checking for negative i should be done first.

Fixes: f4f8d8bb1abc ("cmd: setexpr: add format string handling")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---

diff --git a/cmd/printf.c b/cmd/printf.c
index e024676743..0c6887e0d6 100644
--- a/cmd/printf.c
+++ b/cmd/printf.c
@@ -144,10 +144,10 @@ static void printf_str(struct print_inf *inf, char *format, ...)
 	i = vsnprintf(inf->str + inf->offset, remaining, format, args);
 	va_end(args);
 
-	if (i >= remaining)
-		inf->error |= PRINT_TRUNCATED_ERROR;
-	else if (i < 0)
+	if (i < 0)
 		inf->error |= PRINT_CONVERSION_ERROR;
+	else if ((unsigned int)i >= remaining)
+		inf->error |= PRINT_TRUNCATED_ERROR;
 	else
 		inf->offset += i;
 }