From dc4c7d9539fc65ace92c76a2d1536451685b74b8 Mon Sep 17 00:00:00 2001
From: Sam Lantinga
Date: Wed, 10 Nov 2021 09:48:49 -0800
Subject: [PATCH] Fixed infinite loop in SDL_vsnprintf() if the format string is too large for the output buffer
Fixes https://github.com/libsdl-org/SDL/issues/4940
---
 src/stdlib/SDL_string.c | 3 ++-
 test/testautomation_stdlib.c | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/stdlib/SDL_string.c b/src/stdlib/SDL_string.c
index cc25cc83c..6922a24a9 100644
--- a/src/stdlib/SDL_string.c
+++ b/src/stdlib/SDL_string.c
@@ -1887,8 +1887,9 @@ SDL_vsnprintf(SDL_OUT_Z_CAP(maxlen) char *text, size_t maxlen, const char *fmt,
 }
 } else {
 if (length < maxlen) {
- text[length] = *fmt++;
+ text[length] = *fmt;
 }
+ ++fmt;
 ++length;
 }
 }
diff --git a/test/testautomation_stdlib.c b/test/testautomation_stdlib.c
index 608d92fc2..bfc8ad373 100644
--- a/test/testautomation_stdlib.c
+++ b/test/testautomation_stdlib.c
@@ -64,6 +64,12 @@ stdlib_snprintf(void *arg)
 SDLTest_AssertPass("Call to SDL_snprintf(NULL, 0, \"%%s\", \"foo\")");
 SDLTest_AssertCheck(result == 3, "Check result value, expected: 3, got: %d", result);
+ result = SDL_snprintf(text, 2, "%s\n", "foo");
+ expected = "f";
+ SDLTest_AssertPass("Call to SDL_snprintf(\"%%s\\n\", \"foo\") with buffer size 2");
+ SDLTest_AssertCheck(SDL_strcmp(text, expected) == 0, "Check text, expected: %s, got: %s", expected, text);
+ SDLTest_AssertCheck(result == 4, "Check result value, expected: 4, got: %d", result);
+
 result = SDL_snprintf(text, sizeof(text), "%f", 0.0);
 predicted = SDL_snprintf(NULL, 0, "%f", 0.0);
 expected = "0.000000";
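Review bot: In src/stdlib/SDL_string.c the now-unconditional `++fmt;` after the `if (length < maxlen)` guard carries no comment stating the invariant whose loss caused the hang: the format cursor must advance even when the store is skipped, because `length` keeps counting past `maxlen`. I would add `/* Always consume the format character; length counts past maxlen, so fmt must advance even when nothing is written */` directly above `++fmt;`. The enclosing loop and the branch that handles conversions begin outside the hunk, so it is worth confirming that every path there also advances `fmt` independently of how `length` compares with `maxlen`.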
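Review bot: In test/testautomation_stdlib.c the added case covers truncation into a two-byte buffer but not the size-query form with literal text in the format, where `maxlen` is 0 and the `length < maxlen` guard is presumably false from the first character; the existing `SDL_snprintf(NULL, 0, "%s", "foo")` check just above has no literal character. I would add `result = SDL_snprintf(NULL, 0, "%s\n", "foo");` followed by `SDLTest_AssertCheck(result == 4, "Check result value, expected: 4, got: %d", result);`. Because the regression is a non-terminating loop, a reintroduction would hang this test rather than fail an assertion, so reporting it depends on whatever timeout the harness applies. stdlib_snprintf's body starts and ends outside the hunk.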