forked from Mirrors/openclonk
Fix potential buffer overflow in ssprintf
If vsnprintf fails for other reasons than too small a buffer, it returns a negative value. Comparing that with a size_t value promotes the negative value to unsigned, which makes for a very large result, almost guaranteed to be larger than the buffer size.issue1247
parent
95641b5fb0
commit
ff263e5433
|
@ -167,7 +167,9 @@ inline int ssprintf(char(&str)[N], const char *fmt, ...)
|
|||
{
|
||||
va_list args; va_start(args, fmt);
|
||||
int m = vsnprintf(str, N, fmt, args);
|
||||
if (m >= N) { m = N-1; str[m] = 0; }
|
||||
// Quick exit if vsnprintf failed
|
||||
if (m < 0) return m;
|
||||
if (static_cast<size_t>(m) >= N) { m = N-1; str[m] = 0; }
|
||||
return m;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue