From f3fff3e0ef130a9a2c8c773ca63d9b60a567f4f6 Mon Sep 17 00:00:00 2001
From: Benjamin Otte <in7y118@public.uni-hamburg.de>
Date: Tue, 20 Jul 2004 15:33:52 +0000
Subject: [PATCH] fix buffer overflows Signed-off-by: Benjamin Otte
 <in7y118@public.uni-hamburg.de>

---
 src/output.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/output.c b/src/output.c
index 025d2f0c..2fbabed2 100644
--- a/src/output.c
+++ b/src/output.c
@@ -255,7 +255,9 @@ static int snd_output_buffer_need(snd_output_t *output, size_t size)
 	if (buffer->alloc == 0)
 		alloc = 256;
 	else
-		alloc = buffer->alloc * 2;
+		alloc = buffer->alloc;
+	while (alloc < size)
+		alloc *= 2;
 	buffer->buf = realloc(buffer->buf, alloc);
 	if (!buffer->buf)
 		return -ENOMEM;
@@ -281,8 +283,9 @@ static int snd_output_buffer_print(snd_output_t *output, const char *format, va_
 	result = snd_output_buffer_need(output, size);
 	if (result < 0)
 		return result;
-	result = vsprintf(buffer->buf + buffer->size, format, args);
+	result = vsnprintf(buffer->buf + buffer->size, result, format, args);
 	assert(result == (int)size);
+	buffer->size += result;
 	return result;
 }
 
-- 
2.47.1