From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 17 Apr 2026 17:52:53 +0000 (+0200)
Subject: strxcpyx: add a paranoia check for vsnprintf()'s return value
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=774a9f440bebeea960b69bb46109d72b3d7b8667;p=thirdparty%2Fsystemd.git

strxcpyx: add a paranoia check for vsnprintf()'s return value

vsnprintf() can, under some circumstances, return negative value, namely
during encoding errors when converting wchars to multi-byte characters.
This would then wreak havoc in the arithmetics we do following the
vsnprintf() call. However, since we never do any wchar shenanigans in
our code it should never happen.

Let's encode this assumption into the code as an assert(), similarly how
we already do this in other places (like strextendf_with_separator()).
---

diff --git a/src/basic/strxcpyx.c b/src/basic/strxcpyx.c
index dc40d620e7e..f8410f7d0c1 100644
--- a/src/basic/strxcpyx.c
+++ b/src/basic/strxcpyx.c
@@ -64,6 +64,8 @@ size_t strpcpyf_full(char **dest, size_t size, bool *ret_truncated, const char *
         i = vsnprintf(*dest, size, src, va);
         va_end(va);
 
+        assert(i >= 0);
+
         if (i < (int) size) {
                 *dest += i;
                 size -= i;