diff options
author | Darkvater <Darkvater@openttd.org> | 2007-03-02 15:08:28 +0000 |
---|---|---|
committer | Darkvater <Darkvater@openttd.org> | 2007-03-02 15:08:28 +0000 |
commit | 213c73d3b1270ae85980c77ba26e56b651ba353e (patch) | |
tree | 6d13bc56413c6f77b48fce5acdcb16291446824c /src | |
parent | e514d3972f0b86ab64dc9f210e2d20d713e0f8b1 (diff) | |
download | openttd-213c73d3b1270ae85980c77ba26e56b651ba353e.tar.xz |
(svn r8975) -Regression: [win32] Possible buffer overflow if unicode text is pasted into an input box and needs trimming. The last character was wrongly assumed to be of length 1 (tb->maxlength - 1), while a unicode character can be up to 4 long.
Diffstat (limited to 'src')
-rw-r--r-- | src/win32.cpp | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/win32.cpp b/src/win32.cpp index 396c38d82..e6a4f6a27 100644 --- a/src/win32.cpp +++ b/src/win32.cpp @@ -1017,16 +1017,16 @@ bool InsertTextBufferClipboard(Textbuf *tb) width = length = 0; for (ptr = utf8_buf; (c = Utf8Consume(&ptr)) != '\0';) { - byte charwidth; - if (!IsPrintable(c)) break; - if (tb->length + length >= tb->maxlength - 1) break; - charwidth = GetCharacterWidth(FS_NORMAL, c); + size_t len = Utf8CharLen(c); + if (tb->length + length >= tb->maxlength - (uint16)len) break; + + byte charwidth = GetCharacterWidth(FS_NORMAL, c); if (tb->maxwidth != 0 && width + tb->width + charwidth > tb->maxwidth) break; width += charwidth; - length += Utf8CharLen(c); + length += len; } if (length == 0) return false; @@ -1038,6 +1038,7 @@ bool InsertTextBufferClipboard(Textbuf *tb) tb->length += length; tb->caretpos += length; + assert(tb->length < tb->maxlength); tb->buf[tb->length] = '\0'; // terminating zero return true; |