Mosaic: Fix buffer overflow in game_text_format()

The text format includes newline characters that weren't being
included in the buffer length calculation.  Fix the calculation and
assert before returning that the string offset matches the calculated
length.
Ben Hutchings
2024-08-26 20:56:06 +02:00
committed by Simon Tatham
parent 262f709e02
commit 52afffaa15


@ -980,8 +980,8 @@ static bool game_can_format_as_text_now(const game_params *params)
static char *game_text_format(const game_state *state)
{
char *desc_string =
snewn((state->height * state->width) * 3 + 1, char);
size_t desc_len = state->height * (state->width * 3 + 1);
char *desc_string = snewn(desc_len + 1, char);
int location_in_str = 0, x, y;
for (y = 0; y < state->height; y++) {
for (x = 0; x < state->width; x++) {
@ -997,6 +997,7 @@ static char *game_text_format(const game_state *state)
sprintf(desc_string + location_in_str, "\n");
location_in_str += 1;
}
assert(location_in_str == desc_len);
return desc_string;
}
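Review bot: The new `assert(location_in_str == desc_len)` compares the `int` offset declared at `int location_in_str = 0, x, y;` against a `size_t`, which trips -Wsign-compare and converts the offset to unsigned before comparing; give the offset the same type as the length, `size_t location_in_str = 0;` with a separate `int x, y;`. The length expression `state->height * (state->width * 3 + 1)` is also evaluated in the fields' own type before being widened to `size_t`, so if they are `int` (as the `int x, y` loop counters suggest) the `size_t` on the left does not protect against overflow for very large boards; `(size_t)state->height * ((size_t)state->width * 3 + 1)` would, unless parameter validation elsewhere already bounds them. Note that the assert is compiled out under NDEBUG, so it is the corrected length calculation, not the assert, that actually prevents the overflow; the assert only catches a future drift between the two. The per-cell writes that consume the 3 bytes per cell lie between the two hunks and are outside this view.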