Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed potential buffer overflow in SDL_vsnprintf() (thanks, Taylor!).
Fixes Bugzilla #3441. "When using internal SDL_vsnprintf(), and source string length is greater than destination, the final NULL char will be written beyond destination size. Primary issue that is SDL_strlcpy returns length of source string (SDL_PrintString()), not how much is written to destination. The destination ptr is then incremented by this length before the sanity check is done. Destination string is properly terminated, but an extra NULL char will be written beyond destination buffer length. Patch used internally is attached which fixes primary issue with SDL_strlcpy() in SDL_PrintString() and adjusts sanity checks to increment destination ptr safely."
- Loading branch information