prevent integer underflow

(not currently exploitable, ilja and i think)

svn:r3010

diff --git a/src/common/log.c b/src/common/log.c
index f227ebc399394c7c81d33716f52de7d6d8c4133d..4e4bc1862b415002ca9942be8e4b0c0ba98a9e51 100644 (file)
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -122,6 +122,10 @@ static INLINE char *format_msg(char *buf, size_t buf_len,
   size_t n;
   int r;
   char *end_of_prefix;
+  if (buf_len < 2) { /* prevent integer underflow */
+    tor_assert(0);
+    exit(1);
+  }
   buf_len -= 2; /* subtract 2 characters so we have room for \n\0 */
 
   n = _log_prefix(buf, buf_len, severity);