+/* Use the lengthchecked formatting routine to ensure that the buffer
+does not overflow. Ensure there's space for a newline at the end.
+However, use taint-unchecked routines for writing into the buffer
+so that we can write tainted info into the static debug_buffer -
+we trust that we will never expand the results. */
+
+ {
+ gstring gs = { .size = (int)sizeof(debug_buffer) - 1,
+ .ptr = debug_ptr - debug_buffer,
+ .s = debug_buffer };
+ if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, format, ap))
+ {
+ uschar * s = US"**** debug string too long - truncated ****\n";
+ uschar * p = gs.s + gs.ptr;
+ int maxlen = gs.size - Ustrlen(s) - 2;
+ if (p > gs.s + maxlen) p = gs.s + maxlen;
+ if (p > gs.s && p[-1] != '\n') *p++ = '\n';
+ Ustrcpy(p, s);
+ while(*debug_ptr) debug_ptr++;
+ }
+ else
+ {
+ string_from_gstring(&gs);
+ debug_ptr = gs.s + gs.ptr;
+ }
+ }