From f7596209eea21ee4e62ea24c8bc18e181d13f348 Mon Sep 17 00:00:00 2001
From: Dragan Dosen
Date: Thu, 27 Jul 2023 20:30:42 +0200
Subject: [PATCH] BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full

If the buffer is completely full, the function chunk_appendf() would write a zero past it, which can result in unexpected behavior. Now we make a check before calling vsnprintf() and return the current chunk size if no room is available. This should be backported as far as 2.0.
---
 src/chunk.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/chunk.c b/src/chunk.c
index 2d24fa596..b9728e1c9 100644
--- a/src/chunk.c
+++ b/src/chunk.c
@@ -130,15 +130,19 @@ int chunk_printf(struct buffer *chk, const char *fmt, ...)
 int chunk_appendf(struct buffer *chk, const char *fmt, ...)
 {
 	va_list argp;
+	size_t room;
 	int ret;
 
 	if (!chk->area || !chk->size)
 		return 0;
 
+	room = chk->size - chk->data;
+	if (!room)
+		return chk->data;
+
 	va_start(argp, fmt);
-	ret = vsnprintf(chk->area + chk->data, chk->size - chk->data, fmt,
-	                argp);
-	if (ret >= chk->size - chk->data)
+	ret = vsnprintf(chk->area + chk->data, room, fmt, argp);
+	if (ret >= room)
 		/* do not copy anything in case of truncation */
 		chk->area[chk->data] = 0;
 	else
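Review bot: The new comparison `if (ret >= room)` mixes the signed `int ret` with the unsigned `size_t room`, so a negative return from vsnprintf() (an encoding error) is promoted to a huge unsigned value and silently lands in the truncation branch. That happens to be harmless here, since that branch only writes a terminator at chk->data, but the error case is handled by accident rather than by design and a -Wsign-compare build would typically flag the line; making it explicit costs one line: `if (ret < 0 || (size_t)ret >= room)`. The early `return chk->data` for a full buffer also deserves a comment such as `/* buffer full: nothing appended, report the unchanged length (0 is reserved for "no buffer") */`, so callers can tell it apart from the `return 0` path just above it. The else branch and the remainder of chunk_appendf() continue past the end of the hunk.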