summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDarkvater <Darkvater@openttd.org>2007-03-02 15:08:28 +0000
committerDarkvater <Darkvater@openttd.org>2007-03-02 15:08:28 +0000
commit213c73d3b1270ae85980c77ba26e56b651ba353e (patch)
tree6d13bc56413c6f77b48fce5acdcb16291446824c /src
parente514d3972f0b86ab64dc9f210e2d20d713e0f8b1 (diff)
downloadopenttd-213c73d3b1270ae85980c77ba26e56b651ba353e.tar.xz
(svn r8975) -Regression: [win32] Possible buffer overflow if unicode text is pasted into an input box and needs trimming. The last character was wrongly assumed to be of length 1 (tb->maxlength - 1), while a unicode character can be up to 4 long.
Diffstat (limited to 'src')
-rw-r--r--src/win32.cpp11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/win32.cpp b/src/win32.cpp
index 396c38d82..e6a4f6a27 100644
--- a/src/win32.cpp
+++ b/src/win32.cpp
@@ -1017,16 +1017,16 @@ bool InsertTextBufferClipboard(Textbuf *tb)
width = length = 0;
for (ptr = utf8_buf; (c = Utf8Consume(&ptr)) != '\0';) {
- byte charwidth;
-
if (!IsPrintable(c)) break;
- if (tb->length + length >= tb->maxlength - 1) break;
- charwidth = GetCharacterWidth(FS_NORMAL, c);
+ size_t len = Utf8CharLen(c);
+ if (tb->length + length >= tb->maxlength - (uint16)len) break;
+
+ byte charwidth = GetCharacterWidth(FS_NORMAL, c);
if (tb->maxwidth != 0 && width + tb->width + charwidth > tb->maxwidth) break;
width += charwidth;
- length += Utf8CharLen(c);
+ length += len;
}
if (length == 0) return false;
@@ -1038,6 +1038,7 @@ bool InsertTextBufferClipboard(Textbuf *tb)
tb->length += length;
tb->caretpos += length;
+ assert(tb->length < tb->maxlength);
tb->buf[tb->length] = '\0'; // terminating zero
return true;