ref: c30f4a2f65172a0d358e4c85c7d3270af13b829b
parent: 007615bc247f51b8418cbdd62c2c8b8c74a7ee08
author: Simon Howard <[email protected]>
date: Tue Apr 1 18:06:09 EDT 2014
misc: Fix safe vsnprintf() function. An off-by-one error in the function caused the strings to be truncated one character too early. Change the return value check so that negative values are also interpreted as indicating truncation; this is the behavior of the Win32 API.
--- a/src/m_misc.c
+++ b/src/m_misc.c
@@ -459,6 +459,8 @@
// Safe, portable vsnprintf().
int M_vsnprintf(char *buf, size_t buf_len, const char *s, va_list args)
{
+ int result;
+
if (buf_len < 1)
{
return 0;
@@ -467,8 +469,17 @@
// Windows (and other OSes?) has a vsnprintf() that doesn't always
// append a trailing \0. So we must do it, and write into a buffer
// that is one byte shorter; otherwise this function is unsafe.
- buf[buf_len - 1] = '\0';
- return vsnprintf(buf, buf_len - 1, s, args);
+ result = vsnprintf(buf, buf_len, s, args);
+
+ // If truncated, change the final char in the buffer to a \0.
+ // A negative result indicates a truncated buffer on Windows.
+ if (result < 0 || result >= buf_len)
+ {
+ buf[buf_len - 1] = '\0';
+ result = buf_len - 1;
+ }
+
+ return result;
}
// Safe, portable snprintf().
--- a/textscreen/txt_sdl.c
+++ b/textscreen/txt_sdl.c
@@ -906,6 +906,8 @@
// Safe, portable vsnprintf().
int TXT_vsnprintf(char *buf, size_t buf_len, const char *s, va_list args)
{
+ int result;
+
if (buf_len < 1)
{
return 0;
@@ -914,8 +916,17 @@
// Windows (and other OSes?) has a vsnprintf() that doesn't always
// append a trailing \0. So we must do it, and write into a buffer
// that is one byte shorter; otherwise this function is unsafe.
- buf[buf_len - 1] = '\0';
- return vsnprintf(buf, buf_len - 1, s, args);
+ result = vsnprintf(buf, buf_len, s, args);
+
+ // If truncated, change the final char in the buffer to a \0.
+ // A negative result indicates a truncated buffer on Windows.
+ if (result < 0 || result >= buf_len)
+ {
+ buf[buf_len - 1] = '\0';
+ result = buf_len - 1;
+ }
+
+ return result;
}
// Safe, portable snprintf().