cmd: setexpr: fix printf_str()

If vsnprintf() returns a negative number, (i >= remaining) will
possibly be true:

'i' is of type signed int and 'remaining' is of the unsigned type size_t.
The C language will convert i to an unsigned type before the comparison.

This can result in the wrong error type being indicated.

Checking for negative i should be done first.

Fixes: f4f8d8bb1abc ("cmd: setexpr: add format string handling")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/cmd/printf.c b/cmd/printf.c
index e02467674312b7e6e9dacd81dcb546f133fa1f8d..0c6887e0d6e983327eaaf073d20a368ba17ffd72 100644 (file)
--- a/cmd/printf.c
+++ b/cmd/printf.c
@@ -144,10 +144,10 @@ static void printf_str(struct print_inf *inf, char *format, ...)
        i = vsnprintf(inf->str + inf->offset, remaining, format, args);
        va_end(args);
 
-       if (i >= remaining)
-               inf->error |= PRINT_TRUNCATED_ERROR;
-       else if (i < 0)
+       if (i < 0)
                inf->error |= PRINT_CONVERSION_ERROR;
+       else if ((unsigned int)i >= remaining)
+               inf->error |= PRINT_TRUNCATED_ERROR;
        else
                inf->offset += i;
 }