Make sure error messages can't overflow a buffer.

Fixes Bugzilla #840.
libsdl-org · Oct 12, 2009 · e00b9e9 · e00b9e9
1 parent 75e512a
commit e00b9e9
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/timidity/config.h b/timidity/config.h
@@ -22,6 +22,8 @@
 #include "SDL_config.h"
 #include "SDL_endian.h"
 
+#define TIMIDITY_ERROR_SIZE 1024
+
 /* When a patch file can't be opened, one of these extensions is
    appended to the filename and the open is tried again.
  */

diff --git a/timidity/sdl_c.c b/timidity/sdl_c.c
@@ -115,7 +115,7 @@ static int cmsg(int type, int verbosity_level, char *fmt, ...)
       ctl.verbosity<verbosity_level)
     return 0;
   va_start(ap, fmt);
-  vsprintf(timidity_error, fmt, ap);
+  SDL_vsnprintf(timidity_error, TIMIDITY_ERROR_SIZE, fmt, ap);
   va_end(ap);
   return 0;
 #endif

diff --git a/timidity/timidity.c b/timidity/timidity.c
@@ -367,8 +367,9 @@ int Timidity_Init(int rate, int format, int channels, int samples)
   return(0);
 }
 
-char timidity_error[1024] = "";
+char timidity_error[TIMIDITY_ERROR_SIZE] = "";
 const char *Timidity_Error(void)
 {
   return(timidity_error);
 }
+