From 611881ddf09d9510f630c7f635df5c4c0a5fcb12 Mon Sep 17 00:00:00 2001
From: klueska <klueska>
Date: Mon, 16 Jul 2007 19:42:34 +0000
Subject: [PATCH] Error in length provided to memset, resulting in a buffer
 overflow.  Error now fixed.

---
 tos/lib/printf/PrintfP.nc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tos/lib/printf/PrintfP.nc b/tos/lib/printf/PrintfP.nc
index 0065b0ab..c0b522a9 100644
--- a/tos/lib/printf/PrintfP.nc
+++ b/tos/lib/printf/PrintfP.nc
@@ -84,10 +84,10 @@ implementation {
   }
   
   void sendNext() {
-  	printf_msg_t* m = (printf_msg_t*)call Packet.getPayload(&printfMsg, NULL);
-  	length_to_send = (bytes_left_to_flush < sizeof(printf_msg_t)) ? bytes_left_to_flush : sizeof(printf_msg_t);
-  	memset(m->buffer, 0, sizeof(printfMsg));
-  	memcpy(m->buffer, (uint8_t*)next_byte, length_to_send);
+    printf_msg_t* m = (printf_msg_t*)call Packet.getPayload(&printfMsg, NULL);
+    length_to_send = (bytes_left_to_flush < sizeof(printf_msg_t)) ? bytes_left_to_flush : sizeof(printf_msg_t);
+    memset(m->buffer, 0, sizeof(m->buffer));
+    memcpy(m->buffer, (uint8_t*)next_byte, length_to_send);
     if(call AMSend.send(AM_BROADCAST_ADDR, &printfMsg, sizeof(printf_msg_t)) != SUCCESS)
       post retrySend();  
     else {
@@ -139,7 +139,7 @@ implementation {
   	atomic {
   	  if(state == S_STARTED && (next_byte > buffer)) {
   	    state = S_FLUSHING;
-        bytes_left_to_flush = next_byte - buffer;
+            bytes_left_to_flush = next_byte - buffer;
   	    next_byte = buffer;
   	  }
   	  else return FAIL;
-- 
2.39.2