Corrects a few issues related to snprintf return values

NmapOutputTable.cc

@@ -233,7 +233,7 @@ void NmapOutputTable::addItemFormatted(unsigned int row,
   res = Vsnprintf(buf, sizeof(buf), fmt, ap);
   va_end(ap);
 
-  if (res > sizeof(buf))
+  if (res >= sizeof(buf))
     fatal("NmapOutputTable only supports adding up to 4096 to a cell via %s.", __func__);
 
   addItem(row, column, fullrow, true, buf, res);

nbase/nbase_str.c

@@ -196,7 +196,7 @@ int Vsnprintf(char *s, size_t n, const char *fmt, va_list ap) {
   ret = vsnprintf(s, n, fmt, ap);
 
   if (ret < 0 || (unsigned)ret >= n)
-    s[n - 1] = '\0';
+    s[n - 1] = '\0'; /* technically redundant */
 
   return ret;
 }

nsock/src/nsock_write.c

@@ -170,6 +170,7 @@ nsock_event_id nsock_printf(nsock_pool ms_pool, nsock_iod ms_iod,
   struct nevent *nse;
   char buf[4096];
   char *buf2 = NULL;
+  size_t buf2size;
   int res, res2;
   int strlength = 0;
   char displaystr[256];
@@ -183,13 +184,14 @@ nsock_event_id nsock_printf(nsock_pool ms_pool, nsock_iod ms_iod,
   res = Vsnprintf(buf, sizeof(buf), format, ap);
   va_end(ap);
 
-  if (res != -1) {
+  if (res >= 0) {
-    if (res > sizeof(buf)) {
+    if (res >= sizeof(buf)) {
-      buf2 = (char * )safe_malloc(res + 16);
+      buf2size = res + 16;
+      buf2 = (char * )safe_malloc(buf2size);
       va_start(ap,format);
-      res2 = Vsnprintf(buf2, sizeof(buf), format, ap);
+      res2 = Vsnprintf(buf2, buf2size, format, ap);
       va_end(ap);
-      if (res2 == -1 || res2 > res) {
+      if (res2 < 0 || res2 >= buf2size) {
         free(buf2);
         buf2 = NULL;
       } else

service_scan.cc

@@ -896,7 +896,7 @@ static char *substvar(char *tmplvar, char **tmplvarend,
       }
     }
     buflen = Snprintf(buf, sizeof(buf), "%lu", val);
-    if (buflen < 0 || buflen > (int) sizeof(buf)) {
+    if (buflen < 0 || buflen >= (int) sizeof(buf)) {
       return NULL;
     }
     strbuf_append(&result, &n, &len, buf, buflen);