frr icon indicating copy to clipboard operation
frr copied to clipboard
verified publisher icon FRRouting

lib: Fix snprintf buffer overflow in PTM CSV encoding

Open soumyar-roy opened this issue 1 month ago • 0 comments

Issue: snprintf returns desired length, not bytes written. When truncated, using return value causes position miscalculation and buffer overflow.

Before: pos += snprintf(...) /* Wrong when truncated / After: pos += MIN(ret, space - 1) / Actual bytes written */

For exmaple PTM CSV corruption: sendE0vent instead of sendEvent

Ticket:#4523916

soumyar-roy avatar Dec 09 '25 21:12 soumyar-roy