From b2f02464985e9a9e0b8416635ab2d592e31c5096 Mon Sep 17 00:00:00 2001
From: Martin Pool <mbp@samba.org>
Date: Tue, 4 Sep 2001 03:12:55 +0000
Subject: [PATCH] For log messages containing ridiculously long strings that
 might overflow a buffer rsync no longer aborts, but rather prints an ellipsis
 at the end of the string.  (Patch from Ed Santiago.)

---
 NEWS  |  5 +++++
 log.c | 26 +++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index e139a467..13cf800d 100644
--- a/NEWS
+++ b/NEWS
@@ -56,6 +56,10 @@ rsync 2.4.7 (sometime in 2001, maybe :)
 
     * Applied "simple nohang patch" from Wayne Davison.
 
+    * For log messages containing ridiculously long strings that might
+      overflow a buffer rsync no longer aborts, but rather prints an
+      ellipsis at the end of the string.  (Patch from Ed Santiago.)
+
   PLATFORMS:
 
     * Improved support for UNICOS (tested on Cray T3E and Cray SV1)
@@ -68,3 +72,4 @@ rsync 2.4.7 (sometime in 2001, maybe :)
     * The existing test.sh script by Phil Hands has been merged into a
       test framework that works from both "make check" and the Samba
       build farm.
+
diff --git a/log.c b/log.c
index 64e97b91..3b53a9ae 100644
--- a/log.c
+++ b/log.c
@@ -289,7 +289,31 @@ void rprintf(enum logcode code, const char *format, ...)
 	len = vsnprintf(buf, sizeof(buf), format, ap);
 	va_end(ap);
 
-	if (len > sizeof(buf)-1) exit_cleanup(RERR_MESSAGEIO);
+	/* Deal with buffer overruns.  Instead of panicking, just
+	 * truncate the resulting string.  Note that some vsnprintf()s
+	 * return -1 on truncation, e.g., glibc 2.0.6 and earlier. */
+	if (len > sizeof(buf)-1  ||  len < 0) {
+		const char ellipsis[] = "[...]";
+
+		/* Reset length, and zero-terminate the end of our buffer */
+		len = sizeof(buf)-1;
+		buf[len] = '\0';
+
+		/* Copy the ellipsis to the end of the string, but give
+		 * us one extra character:
+		 *
+		 *                  v--- null byte at buf[sizeof(buf)-1]
+		 *        abcdefghij0
+		 *     -> abcd[...]00  <-- now two null bytes at end
+		 *
+		 * If the input format string has a trailing newline,
+		 * we copy it into that extra null; if it doesn't, well,
+		 * all we lose is one byte.  */
+		strncpy(buf+len-sizeof(ellipsis), ellipsis, sizeof(ellipsis));
+		if (format[strlen(format)-1] == '\n') {
+			buf[len-1] = '\n';
+		}
+	}
 
 	rwrite(code, buf, len);
 }
-- 
2.34.1