Make sure error messages can't overflow a buffer.
authorRyan C. Gordon <icculus@icculus.org>
Mon, 12 Oct 2009 05:56:10 +0000
changeset 4509d5e6ab8ddfc
parent 449 3f60c121d643
child 451 1b767145cf8d
Make sure error messages can't overflow a buffer.

Fixes Bugzilla #840.
timidity/config.h
timidity/sdl_c.c
timidity/timidity.c
     1.1 --- a/timidity/config.h	Mon Oct 12 05:39:13 2009 +0000
     1.2 +++ b/timidity/config.h	Mon Oct 12 05:56:10 2009 +0000
     1.3 @@ -22,6 +22,8 @@
     1.4  #include "SDL_config.h"
     1.5  #include "SDL_endian.h"
     1.6  
     1.7 +#define TIMIDITY_ERROR_SIZE 1024
     1.8 +
     1.9  /* When a patch file can't be opened, one of these extensions is
    1.10     appended to the filename and the open is tried again.
    1.11   */
     2.1 --- a/timidity/sdl_c.c	Mon Oct 12 05:39:13 2009 +0000
     2.2 +++ b/timidity/sdl_c.c	Mon Oct 12 05:56:10 2009 +0000
     2.3 @@ -115,7 +115,7 @@
     2.4        ctl.verbosity<verbosity_level)
     2.5      return 0;
     2.6    va_start(ap, fmt);
     2.7 -  vsprintf(timidity_error, fmt, ap);
     2.8 +  SDL_vsnprintf(timidity_error, TIMIDITY_ERROR_SIZE, fmt, ap);
     2.9    va_end(ap);
    2.10    return 0;
    2.11  #endif
     3.1 --- a/timidity/timidity.c	Mon Oct 12 05:39:13 2009 +0000
     3.2 +++ b/timidity/timidity.c	Mon Oct 12 05:56:10 2009 +0000
     3.3 @@ -367,8 +367,9 @@
     3.4    return(0);
     3.5  }
     3.6  
     3.7 -char timidity_error[1024] = "";
     3.8 +char timidity_error[TIMIDITY_ERROR_SIZE] = "";
     3.9  const char *Timidity_Error(void)
    3.10  {
    3.11    return(timidity_error);
    3.12  }
    3.13 +