From 48eaac247f170a1a2a0c9bd3a33f752c87a9be62 Mon Sep 17 00:00:00 2001
From: Maxim Konovalov
Date: Tue, 17 Sep 2002 11:28:24 +0000
Subject: [PATCH] Fix vsnprintf(3) memory leak for size == 0.

PR: bin/36175
Obtained from: OpenBSD
Reviewed by: silence on -audit
MFC after: 5 days
---
 lib/libc/stdio/vsnprintf.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/libc/stdio/vsnprintf.c b/lib/libc/stdio/vsnprintf.c
index ecbce5ac1e31..64798073a70a 100644
--- a/lib/libc/stdio/vsnprintf.c
+++ b/lib/libc/stdio/vsnprintf.c
@@ -50,6 +50,7 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 {
 size_t on;
 int ret;
+ char dummy;
 FILE f;
 struct __sFILEX ext;
 
@@ -58,6 +59,11 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 n--;
 if (n > INT_MAX)
 n = INT_MAX;
+ /* Stdio internals do not deal correctly with zero length buffer */
+ if (n == 0) {
+ str = &dummy;
+ n = 1;
+ }
 f._file = -1;
 f._flags = __SWR | __SSTR;
 f._bf._base = f._p = (unsigned char *)str;
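Review bot: The added `n == 0` branch in the second hunk also fires for `size == 1`, not only for `size == 0`, because the context line `n--;` has already reduced `n` by then; in that case `str` is redirected to `dummy` and the caller's one-byte buffer is never touched again by the visible lines. The code that NUL-terminates the result lies after the hunk, so this is hedged: if it writes through `f._p` when `on > 0`, the terminator goes into the scratch storage and the caller's `str[0]` is left uninitialized. Because `dummy` is a single `char` and `n` is set to 1, a terminator written after one formatted byte would also land one byte past `dummy` on the stack. Terminating the caller's buffer before the redirect and sizing the scratch buffer for the NUL avoids both: declare `char dummy[2];` in the first hunk, and in the branch use `if (on > 0) *str = '\0';` followed by `str = dummy;`. vsnprintf's body starts and ends outside both hunks, so the tail should be checked against this before merging to the stable branch.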