From 6995be9f5a861f5027fe742c9d530eefdd4b0661 Mon Sep 17 00:00:00 2001
From: Florian Zumbiehl
Date: Wed, 2 Sep 2009 22:52:55 +0200
Subject: [PATCH] libblkid: fix buffer overflow in blkid_encode_string()
[kzak@redhat.com: - this is patch is originally from udev repository commit 8cfcf9980a3a7037a12a3052c38e4981cb0f0190]
Signed-off-by: Karel Zak
---
 shlibs/blkid/src/encode.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/shlibs/blkid/src/encode.c b/shlibs/blkid/src/encode.c
index d45a292e..0317be1f 100644
--- a/shlibs/blkid/src/encode.c
+++ b/shlibs/blkid/src/encode.c
@@ -243,28 +243,35 @@ int blkid_encode_string(const char *str, char *str_enc, size_t len)
 {
 size_t i, j;
- if (str == NULL || str_enc == NULL || len == 0)
+ if (str == NULL || str_enc == NULL)
 return -1;
- str_enc[0] = '\0';
 for (i = 0, j = 0; str[i] != '\0'; i++) {
 int seqlen;
 seqlen = utf8_encoded_valid_unichar(&str[i]);
 if (seqlen > 1) {
+ if (len-j < (size_t)seqlen)
+ goto err;
 memcpy(&str_enc[j], &str[i], seqlen);
 j += seqlen;
 i += (seqlen-1);
 } else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) {
+ if (len-j < 4)
+ goto err;
 sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]);
 j += 4;
 } else {
+ if (len-j < 1)
+ goto err;
 str_enc[j] = str[i];
 j++;
 }
 if (j+3 >= len)
 goto err;
 }
+ if (len-j < 1)
+ goto err;
 str_enc[j] = '\0';
 return 0;
 err:
-- 
2.39.5
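Review bot: The new guard `if (len-j < 4)` in the escape branch still admits the case where exactly four bytes remain, and `sprintf(&str_enc[j], "\\x%02x", ...)` writes four characters plus a terminating NUL, so the NUL lands one byte past `str_enc`; the later `j+3 >= len` test only fires after that write has happened. Requiring room for the terminator, `if (len-j < 5)`, rejects the same inputs without the stray write. Separately, with `str_enc[0] = '\0';` removed, a failure appears to leave `str_enc` partially filled and unterminated, so the function comment should state that the output must not be used when -1 is returned. The `err:` path continues outside the hunk, so whether it resets the buffer is not visible here.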