Fixed infinite loop in SDL_vsnprintf() if the format string is too large for the output buffer Fixes https://github.com/libsdl-org/SDL/issues/4940
diff --git a/src/stdlib/SDL_string.c b/src/stdlib/SDL_string.c
index cc25cc8..6922a24 100644
--- a/src/stdlib/SDL_string.c
+++ b/src/stdlib/SDL_string.c
@@ -1887,8 +1887,9 @@ SDL_vsnprintf(SDL_OUT_Z_CAP(maxlen) char *text, size_t maxlen, const char *fmt,
}
} else {
if (length < maxlen) {
- text[length] = *fmt++;
+ text[length] = *fmt;
}
+ ++fmt;
++length;
}
}
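Review bot: The now-unconditional `++fmt` in the literal-character branch carries the whole fix but has no comment, so a later cleanup could fold it back into the guarded assignment and reintroduce the hang on truncated output. A comment above it such as `/* advance even when the buffer is full: the loop must terminate and length must count the untruncated size */` would record the reason. Whether the output is NUL-terminated at `text[maxlen - 1]` after the loop cannot be seen here, because SDL_vsnprintf starts and ends outside the hunk.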
diff --git a/test/testautomation_stdlib.c b/test/testautomation_stdlib.c
index 608d92f..bfc8ad3 100644
--- a/test/testautomation_stdlib.c
+++ b/test/testautomation_stdlib.c
@@ -64,6 +64,12 @@ stdlib_snprintf(void *arg)
SDLTest_AssertPass("Call to SDL_snprintf(NULL, 0, \"%%s\", \"foo\")");
SDLTest_AssertCheck(result == 3, "Check result value, expected: 3, got: %d", result);
+ result = SDL_snprintf(text, 2, "%s\n", "foo");
+ expected = "f";
+ SDLTest_AssertPass("Call to SDL_snprintf(\"%%s\\n\", \"foo\") with buffer size 2");
+ SDLTest_AssertCheck(SDL_strcmp(text, expected) == 0, "Check text, expected: %s, got: %s", expected, text);
+ SDLTest_AssertCheck(result == 4, "Check result value, expected: 4, got: %d", result);
+
result = SDL_snprintf(text, sizeof(text), "%f", 0.0);
predicted = SDL_snprintf(NULL, 0, "%f", 0.0);
expected = "0.000000";
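Review bot: The added case reaches the literal-character path only after `%s` has already overflowed the buffer, so a run of plain characters that itself crosses `maxlen` is not pinned. A second case such as `result = SDL_snprintf(text, 2, "foo");` with `expected = "f";` and a result check of 3 would cover it, assuming the function terminates the output at `text[maxlen - 1]` as the new expectations imply. A regression of this bug would show up as a hang rather than a failed assertion, so it is reported only if the test harness enforces a timeout. stdlib_snprintf starts before and continues past this hunk.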