ioquake/ioq3
0
0
Fork 0
mirror of https://github.com/ioquake/ioq3.git synced 2024-11-10 07:11:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Ensure that mbstowcs does not overflow its buffer

Browse source 
Similar to one of the changes by Tim Angus in fd986da: mbstowcs' third
argument is the number of wchar_t available in dest, not the number
of bytes.

This does not appear to be exploitable, because ioquake3 does
not actually call mumble_set_identity() or mumble_set_description()
anywhere, but it might be relevant to derivatives.

Spotted via compiler warnings.
This commit is contained in:
Simon McVittie 2015-01-04 11:08:20 +00:00
parent 8469c40c2b
commit ff7ff32b0e
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
code/client/libmumblelink.c
View file

@ -146,7 +146,7 @@ void mumble_set_identity(const char* identity)
size_t len;
if (!lm)
return;
len = MIN(sizeof(lm->identity), strlen(identity)+1);
len = MIN(sizeof(lm->identity)/sizeof(wchar_t), strlen(identity)+1);
mbstowcs(lm->identity, identity, len);
}
@ -164,7 +164,7 @@ void mumble_set_description(const char* description)
size_t len;
if (!lm)
return;
len = MIN(sizeof(lm->description), strlen(description)+1);
len = MIN(sizeof(lm->description)/sizeof(wchar_t), strlen(description)+1);
mbstowcs(lm->description, description, len);
}