nethack-gwaa-kiwi/nethack
1
0
Fork 0
Code Pull Requests Activity

Don't use a plain %s when writing to a buffer

Browse Source 
My compiler was understandably concerned about a potential buffer
overflow here. I don't think the string could get long enough to
cause that to happen, but it's hard to be certain. It's much safer
to limit the length of the string so that it fits in the buffer, as
done here, and if there really wasn't a problem the change will
cause no harm at all. (If there was, the string will be truncated
rather than corrupting memory. This code is in showing the
config-file version of a status highlight, something where
truncated text will probably be obvious to the user.)
This commit is contained in:
Alex Smith
2017-11-01 15:22:28 +00:00
parent e4db58bdf3
commit 27e5f025f1
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/botl.c
View File

@@ -3163,7 +3163,9 @@ status_hilites_viewall()
datawin = create_nhwindow(NHW_TEXT);
while (hlstr) {
Sprintf(buf, "OPTIONS=hilite_status: %s", hlstr->str);
Sprintf(buf, "OPTIONS=hilite_status: %.*s",
(int)(BUFSZ - sizeof "OPTIONS=hilite_status: " - 1),
hlstr->str);
putstr(datawin, 0, buf);
hlstr = hlstr->next;
}