ref: 5e51c2032749df58fadc8182da345acb18b19885
parent: 714b700b1cf7f9cb0f6dca3c9bc7b0653a74f270
author: Simon Howard <[email protected]>
date: Fri Jan 5 07:41:32 EST 2018
hexen: Add bounds checking for CmdPrintCharacter. If adding another character to the print buffer would cause a buffer overflow, don't exceed the limits of the buffer. Similar protection is already in place for CmdPrintString and CmdPrintNumber.
--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -1817,11 +1817,12 @@
static int CmdPrintCharacter(void)
{
- char *bufferEnd;
+ char tempStr[2];
- bufferEnd = PrintBuffer + strlen(PrintBuffer);
- *bufferEnd++ = Pop();
- *bufferEnd = 0;
+ tempStr[0] = Pop();
+ tempStr[1] = '\0';
+ M_StringConcat(PrintBuffer, tempStr, sizeof(PrintBuffer));
+
return SCRIPT_CONTINUE;
}