Changeset 4840 for libcaca


Ignore:
Timestamp:
Sep 9, 2012, 5:00:05 PM (6 years ago)
Author:
Sam Hocevar
Message:

string: fix a potential memory corruption with caca_printf() calls done
outside the canvas.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • libcaca/trunk/caca/string.c

    r4823 r4840  
    316316 *  Format a string at the given coordinates, using the default foreground
    317317 *  and background values. The coordinates may be outside the canvas
    318  *  boundaries (eg. a negative Y coordinate) and the string will be cropped
     318 *  boundaries (eg. a negative X coordinate) and the string will be cropped
    319319 *  accordingly if it is too long. The syntax of the format string is the
    320320 *  same as for the C vprintf() function.
     
    338338    char tmp[BUFSIZ];
    339339    char *buf = tmp;
    340     int ret;
     340    int bufsize = BUFSIZ, ret;
    341341
    342342    if(cv->width - x + 1 > BUFSIZ)
    343         buf = malloc(cv->width - x + 1);
     343    {
     344        bufsize = cv->width - x + 1;
     345        buf = malloc(bufsize);
     346    }
    344347
    345348#if defined(HAVE_VSNPRINTF_S)
    346     vsnprintf_s(buf, cv->width - x + 1, _TRUNCATE, format, args);
     349    vsnprintf_s(buf, bufsize, _TRUNCATE, format, args);
    347350#elif defined(HAVE_VSNPRINTF)
    348     vsnprintf(buf, cv->width - x + 1, format, args);
     351    vsnprintf(buf, bufsize, format, args);
    349352#else
    350353    vsprintf(buf, format, args);
    351354#endif
    352     buf[cv->width - x] = '\0';
     355    buf[bufsize - 1] = '\0';
    353356
    354357    ret = caca_put_str(cv, x, y, buf);
Note: See TracChangeset for help on using the changeset viewer.