From 71820bf1296d2d18800679dfb4ad5ac6265c6728 Mon Sep 17 00:00:00 2001 From: rubidium Date: Mon, 14 Jul 2008 18:22:15 +0000 Subject: (svn r13700) -Fix: possible buffer overflow in string truncation code. --- src/gfx.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/gfx.cpp b/src/gfx.cpp index 491112431..8cd3cefaa 100644 --- a/src/gfx.cpp +++ b/src/gfx.cpp @@ -256,9 +256,10 @@ static int TruncateString(char *str, int maxw) w += GetCharacterWidth(size, c); if (w >= maxw) { - /* string got too big... insert dotdotdot */ - ddd_pos[0] = ddd_pos[1] = ddd_pos[2] = '.'; - ddd_pos[3] = '\0'; + /* string got too big... insert dotdotdot, but make sure we do not + * print anything beyond the string termination character. */ + for (int i = 0; *ddd_pos != '\0' && i < 3; i++, ddd_pos++) *ddd_pos = '.'; + *ddd_pos = '\0'; return ddd_w; } } else { -- cgit v1.2.3-70-g09d2