Merge branch 'fix-va-buffer-overflow' into 'master'

Fix possible buffer overflow in 'va' function See merge request KartKrew/Kart-Public!357
2025-04-05 01:41:39 +00:00 · 2024-09-17 10:46:41 +00:00 · 2024-09-17 10:46:41 +00:00 · f41edb66e7
commit f41edb66e7
parent 44b4a68528 6e736ce6a5
2 changed files with 5 additions and 2 deletions
--- a/src/hu_stuff.c
+++ b/src/hu_stuff.c
@ -448,7 +448,10 @@ void HU_AddChatText(const char *text, boolean playsound)
 	if (OLDCHAT) // if we're using oldchat, print directly in console
 		CONS_Printf("%s\n", text);
 	else			// if we aren't, still save the message to log.txt
-		CON_LogMessage(va("%s\n", text));
+	{
+		CON_LogMessage(text);
+		CON_LogMessage("\n"); // Add newline. Don't use va for that, since `text` might be refering to va's buffer itself
+	}
 #else
 	(void)playsound;
 	CONS_Printf("%s\n", text);
--- a/src/m_misc.c
+++ b/src/m_misc.c
@ -1594,7 +1594,7 @@ char *va(const char *format, ...)
 	static char string[1024];

 	va_start(argptr, format);
-	vsprintf(string, format, argptr);
+	vsnprintf(string, 1024, format, argptr);
 	va_end(argptr);

 	return string;