export gzvprintf

folkertdev · folkertdev · commit 20ebb9781a2a · 2025-12-04T14:05:22.000+01:00
diff --git a/libz-rs-sys-cdylib/src/gz.rs b/libz-rs-sys-cdylib/src/gz.rs
@@ -2707,8 +2707,24 @@ pub unsafe extern "C-unwind" fn gzprintf(
     unsafe { gzvprintf(file, format, va.as_va_list()) }
 }
 
+/// Convert, format, compress, and write the variable argument list to a file under control of the string format, as in `vfprintf`.
+///
+/// # Returns
+///
+/// Returns the number of uncompressed bytes actually written, or a negative zlib error code in case of error.
+/// The number of uncompressed bytes written is limited to 8191, or one less than the buffer size given to [`gzbuffer`].
+/// The caller should assure that this limit is not exceeded. If it is exceeded, then [`gzvprintf`] will return `0` with nothing written.
+///
+/// Contrary to other implementations that can use the insecure `vsprintf`, the `zlib-rs` library always uses `vsnprintf`,
+/// so attempting to write more bytes than the limit can never run into buffer overflow issues.
+///
+/// # Safety
+///
+/// - The `format`  must be a valid C string
+/// - The variadic arguments must correspond with the format string in number and type
 #[cfg(feature = "gzprintf")]
-unsafe extern "C-unwind" fn gzvprintf(
+#[export_name = crate::prefix!(gzvprintf)]
+unsafe extern "C" fn gzvprintf(
     file: gzFile,
     format: *const c_char,
     va: core::ffi::VaList,
diff --git a/test-libz-rs-sys/src/gz.rs b/test-libz-rs-sys/src/gz.rs
@@ -2189,4 +2189,39 @@ mod gzprintf {
             let _ = read;
         }
     }
+
+    #[test]
+    fn test_gzprintf_buffer_too_large() {
+        let _ = crate::assert_eq_rs_ng!({
+            // Use a small buffer so we can hit the limit easily.
+            let path = "gzprintf-too-large.gz";
+            let file = unsafe {
+                gzopen(
+                    CString::new(crate_path(path)).unwrap().as_ptr(),
+                    CString::new("w").unwrap().as_ptr(),
+                )
+            };
+            assert!(!file.is_null());
+
+            // Make the buffer just 16 bytes.
+            assert_eq!(unsafe { gzbuffer(file, 16) }, 0);
+
+            // This input does not fit, and hence gzprintf returns 0.
+            let too_large = CString::new("1234567890abcdef").unwrap();
+            assert_eq!(too_large.as_bytes().len(), 16);
+            let written = unsafe { gzprintf(file, too_large.as_ptr()) };
+            assert_eq!(written, 0);
+
+            // Now write something that does fit (15 bytes).
+            let fits = CString::new("1234567890abcde").unwrap();
+            assert_eq!(fits.as_bytes().len(), 15);
+
+            let written_ok = unsafe { gzprintf(file, fits.as_ptr()) };
+            assert_eq!(written_ok, 15);
+
+            assert_eq!(unsafe { gzclose(file) }, Z_OK);
+
+            std::fs::read(crate_path(path)).unwrap()
+        });
+    }
 }
diff --git a/test-libz-rs-sys/src/lib.rs b/test-libz-rs-sys/src/lib.rs
@@ -72,6 +72,16 @@ macro_rules! assert_eq_rs_ng {
 
                 #[allow(unused)]
                 fn get_crc_table() -> *const [u32; 256];
+
+                #[allow(unused)]
+                fn gzbuffer(file: gzFile, size: core::ffi::c_uint) -> core::ffi::c_int;
+
+                #[allow(unused)]
+                fn gzprintf(
+                    file: gzFile,
+                    format: *const core::ffi::c_char,
+                    va: ...
+                ) -> core::ffi::c_int;
             }
 
             $tt
