From 62f19dc5df5defbfdc5ebab82b7b467176b2b273 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/escape.c: Handle negative snprintf() return value.

May happen if strlen(src) > INT_MAX for example. This patch prevents
escaped_copy() from increasing maxroom and returning -1 (= number of
bytes consumed in dst).
---
 proc/escape.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/proc/escape.c b/proc/escape.c
index 82cd6821..5cd68779 100644
--- a/proc/escape.c
+++ b/proc/escape.c
@@ -251,6 +251,10 @@ int escaped_copy(char *restrict dst, const char *restrict src, int bufsize, int
   if (bufsize > *maxroom+1) bufsize = *maxroom+1;
 
   n = snprintf(dst, bufsize, "%s", src);
+  if (n < 0) {
+    *dst = '\0';
+    return 0;
+  }
   if (n >= bufsize) n = bufsize-1;
   *maxroom -= n;
   return n;