From 98066d62bc154393d36a04e3d26c87e9eff2c06f Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 11 Dec 2008 21:11:22 +0000
Subject: [PATCH] Lower sprintf buffer max to ~SSIZE_T_MAX from SIZE_T_CEILING,
 since we need to compare it to a signed int.

svn:r17600
---
 src/common/compat.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index 51172d77be..e506a2b975 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -303,7 +303,7 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
   int r;
   if (size == 0)
     return -1; /* no place for the NUL */
-  if (size > SIZE_T_CEILING)
+  if (size > SSIZE_T_MAX-16)
     return -1;
 #ifdef MS_WINDOWS
   r = _vsnprintf(str, size, format, args);
@@ -311,7 +311,7 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
   r = vsnprintf(str, size, format, args);
 #endif
   str[size-1] = '\0';
-  if (r < 0 || ((size_t)r) >= size)
+  if (r < 0 || r >= (ssize_t)size)
     return -1;
   return r;
 }
-- 
2.11.4.GIT