Commit b8af865f18032e09dfc23e587e310baca90dbc80
2022-08-28T13:02:57
Fix candidate list size for Windows IME Adjust candidate count so list is not draw bigger that needed. This also fix potential uninitialised read of variable `candsize[i]` if `vertical` is false.
diff --git a/src/video/windows/SDL_windowskeyboard.c b/src/video/windows/SDL_windowskeyboard.c
index 0412efc..4f288c7 100644
--- a/src/video/windows/SDL_windowskeyboard.c
+++ b/src/video/windows/SDL_windowskeyboard.c
@@ -1559,7 +1559,7 @@ IME_RenderCandidateList(SDL_VideoData *videodata, HDC hdc)
SIZE candsizes[MAX_CANDLIST];
SIZE maxcandsize = {0};
HBITMAP hbm = NULL;
- const int candcount = SDL_min(SDL_min(MAX_CANDLIST, videodata->ime_candcount), videodata->ime_candpgsize);
+ int candcount = SDL_min(SDL_min(MAX_CANDLIST, videodata->ime_candcount), videodata->ime_candpgsize);
SDL_bool vertical = videodata->ime_candvertical;
const int listborder = 1;
@@ -1591,8 +1591,10 @@ IME_RenderCandidateList(SDL_VideoData *videodata, HDC hdc)
for (i = 0; i < candcount; ++i) {
const WCHAR *s = &videodata->ime_candidates[i * MAX_CANDLENGTH];
- if (!*s)
+ if (!*s) {
+ candcount = i;
break;
+ }
GetTextExtentPoint32W(hdc, s, (int)SDL_wcslen(s), &candsizes[i]);
maxcandsize.cx = SDL_max(maxcandsize.cx, candsizes[i].cx);
@@ -1654,8 +1656,6 @@ IME_RenderCandidateList(SDL_VideoData *videodata, HDC hdc)
for (i = 0; i < candcount; ++i) {
const WCHAR *s = &videodata->ime_candidates[i * MAX_CANDLENGTH];
int left, top, right, bottom;
- if (!*s)
- break;
if (vertical) {
left = listborder + listpadding + candmargin;