Fix Com_VPrintf() for messages longer than 4096 chars.

At least with MinGW on Windows vsnprintf() treats buffer < size as an
error, returning -1 instead of the number of characters that would have
been printed without size restrictions. Therefore msgLen may be wrong,
leading to all kinds of funny mistakes further down below... Buffer
overflow included. Work around this by handling the msgLen < 0 case and
adding an explicit terminating \0.

This is another case of "I wonder why nobody has ever noticed this",
the GL1 renderer's extension string triggered the buffer overflow each
time the game started.
Yamagi Burmeister 2019-04-28 13:48:45 +02:00
parent 193a5b7a5c
commit 2c11d02b80

@ -82,8 +82,13 @@ Com_VPrintf(int print_level, const char *fmt, va_list argptr)
{
int i;
char msg[MAXPRINTMSG];
int msgLen = vsnprintf(msg, MAXPRINTMSG, fmt, argptr);
if(msgLen >= MAXPRINTMSG) msgLen = MAXPRINTMSG-1;
if (msgLen >= MAXPRINTMSG || msgLen < 0) {
msgLen = MAXPRINTMSG-1;
msg[msgLen] = '\0';
}
if (rd_target)
{
if ((msgLen + strlen(rd_buffer)) > (rd_buffersize - 1))
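
Review bot: In the new `msgLen < 0` branch, every negative return from vsnprintf() is treated as truncation and msgLen is set to MAXPRINTMSG-1, but a negative value can also signal a genuine formatting error, in which case msg may not hold MAXPRINTMSG-1 valid characters. Writing the terminator at `msg[MAXPRINTMSG-1]` keeps later reads in bounds, yet msgLen can then disagree with the actual string length that the `msgLen + strlen(rd_buffer)` check below relies on. Consider starting with `msg[0] = '\0'` before the call and, inside the branch, setting `msgLen = strlen(msg)` after the terminator is written, so the length always matches the buffer contents. A short code comment naming the MinGW behaviour described in the commit message would also help, since the reason for the `< 0` test is not visible in the source itself.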