fix off by one (#3506)

realFlowControl · web-flow · commit c4ac6c5c734a · 2025-11-28T12:18:10.000+01:00
diff --git a/appsec/src/extension/request_abort.c b/appsec/src/extension/request_abort.c
@@ -515,8 +515,10 @@ zend_array *nonnull dd_request_abort_static_page_spec(
     }
 
     {
-        char buf[sizeof("18446744073709551615") - 1];
-        size_t len = sprintf(buf, "%zu", body_len);
+        // This magic number is the string representation of SIZE_MAX on 64 bit
+        // systems
+        char buf[sizeof("18446744073709551615")];
+        size_t len = snprintf(buf, sizeof(buf), "%zu", body_len);
         zend_string *s = zend_string_init(buf, len, 0);
         zval cont_len_zv;
         ZVAL_STR(&cont_len_zv, s);

Original file line number	Diff line number	Diff line change
`@@ -515,8 +515,10 @@ zend_array *nonnull dd_request_abort_static_page_spec(`
`515`	`515`	`}`
`516`	`516`
`517`	`517`	`{`
`518`		`- char buf[sizeof("18446744073709551615") - 1];`
`519`		`- size_t len = sprintf(buf, "%zu", body_len);`
	`518`	`+ // This magic number is the string representation of SIZE_MAX on 64 bit`
	`519`	`+ // systems`
	`520`	`+ char buf[sizeof("18446744073709551615")];`
	`521`	`+ size_t len = snprintf(buf, sizeof(buf), "%zu", body_len);`
`520`	`522`	`zend_string *s = zend_string_init(buf, len, 0);`
`521`	`523`	`zval cont_len_zv;`
`522`	`524`	`ZVAL_STR(&cont_len_zv, s);`