marko10_000
/
openclonk
forked from Mirrors/openclonk
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed potential format string exploit with user-defined death messages

stable-5.2
Nicolas Hake 2009-08-13 10:32:09 +02:00
parent 276a5abfed
commit 3bcfebf1f7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/game/script/C4Script.cpp
View File

@ -360,7 +360,7 @@ static C4Void FnDeathAnnounce(C4AulObjectContext *cthr)
char *szMsg;
if (cthr->Obj->Info)
if(*(szMsg = cthr->Obj->Info->DeathMessage))
sprintf(pscOSTR, szMsg);
sprintf(pscOSTR, "%s", szMsg);
if (!*pscOSTR)
{
char idDeathMsg[128+1]; sprintf(idDeathMsg, "IDS_OBJ_DEATH%d", 1 + SafeRandom(MaxDeathMsg));