shithub: choc

Download patch

ref: 5e51c2032749df58fadc8182da345acb18b19885
parent: 714b700b1cf7f9cb0f6dca3c9bc7b0653a74f270
author: Simon Howard <[email protected]>
date: Fri Jan 5 07:41:32 EST 2018

hexen: Add bounds checking for CmdPrintCharacter.

If adding another character to the print buffer would cause a buffer
overflow, don't exceed the limits of the buffer. Similar protection
is already in place for CmdPrintString and CmdPrintNumber.

--- a/src/hexen/p_acs.c
+++ b/src/hexen/p_acs.c
@@ -1817,11 +1817,12 @@
 
 static int CmdPrintCharacter(void)
 {
-    char *bufferEnd;
+    char tempStr[2];
 
-    bufferEnd = PrintBuffer + strlen(PrintBuffer);
-    *bufferEnd++ = Pop();
-    *bufferEnd = 0;
+    tempStr[0] = Pop();
+    tempStr[1] = '\0';
+    M_StringConcat(PrintBuffer, tempStr, sizeof(PrintBuffer));
+
     return SCRIPT_CONTINUE;
 }