From f78ad7162fb472720eaf04b4d3d18caf9997bc43 Mon Sep 17 00:00:00 2001
From: furunkel
Date: Fri, 12 Nov 2021 20:52:15 +0100
Subject: [PATCH] Don't use zero maxlen for snprintf in ts_subtree__write_to_string

It seems that (some implementations of?) `snprintf` returns -1 and sets `errno` to `EINVAL` if a `maxlen` of zero is passed. This causes the count to underflow and `ts_subtree__write_to_string` returns a gigantic size which the succeeding malloc will refuse to allocate.
---
 lib/src/subtree.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/src/subtree.c b/lib/src/subtree.c
index 5634f46d..d3be47b0 100644
--- a/lib/src/subtree.c
+++ b/lib/src/subtree.c
@@ -874,7 +874,7 @@ static size_t ts_subtree__write_to_string(
 if (!self.ptr) return snprintf(string, limit, "(NULL)");
 char *cursor = string;
- char **writer = (limit > 0) ? &cursor : &string;
+ char **writer = (limit > 1) ? &cursor : &string;
 bool is_root = field_name == ROOT_FIELD;
 bool is_visible = include_all ||
@@ -973,7 +973,7 @@ char *ts_subtree_string(
 ) {
 char scratch_string[1];
 size_t size = ts_subtree__write_to_string(
- self, scratch_string, 0,
+ self, scratch_string, 1,
 language, include_all, 0, false, ROOT_FIELD
 ) + 1;
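Review bot: The early return `return snprintf(string, limit, "(NULL)");` at the top of this hunk still converts snprintf's `int` result straight to the function's `size_t` return type, so a negative return from any cause other than a zero maxlen wraps to a huge count, which is the failure the commit message describes. Raising the threshold to `limit > 1` removes one trigger but leaves the conversion unchecked; a guard such as `int n = snprintf(string, limit, "(NULL)"); return n < 0 ? 0 : (size_t)n;` would keep an error from turning into a size. The function body continues outside the hunk, so the remaining snprintf call sites are not visible here and presumably need the same treatment.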
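Review bot: The new limit is a bare `1` that must stay equal to the size of `scratch_string[1]` declared two lines above it; passing `self, scratch_string, sizeof scratch_string,` ties the bound to the buffer so the two cannot drift apart. The call also now depends on the callee treating a limit of 1 as the measuring pass (the `limit > 1` test in the first hunk), so a short comment such as `// limit of 1: measure only, nothing is kept in scratch_string` would make that coupling visible at the call site. The `+ 1` is still applied without a range check, so a wrapped count from the callee would flow into the allocation that presumably follows outside this hunk.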