mirror
/
OpenTTD
mirror of https://github.com/OpenTTD/OpenTTD
1
0
Fork 0
Code Issues

(svn r8975) -Regression: [win32] Possible buffer overflow if unicode text is pasted into an input box and needs trimming. The last character was wrongly assumed to be of length 1 (tb->maxlength - 1), while a unicode character can be up to 4 long.

release/0.6
Darkvater 2007-03-02 15:08:28 +00:00
parent c0971bafdc
commit baf79a6a85
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/win32.cpp
View File

@ -1017,16 +1017,16 @@ bool InsertTextBufferClipboard(Textbuf *tb)
width = length = 0; width = length = 0;
for (ptr = utf8_buf; (c = Utf8Consume(&ptr)) != '\0';) { for (ptr = utf8_buf; (c = Utf8Consume(&ptr)) != '\0';) {
byte charwidth;
if (!IsPrintable(c)) break; if (!IsPrintable(c)) break;
if (tb->length + length >= tb->maxlength - 1) break;
charwidth = GetCharacterWidth(FS_NORMAL, c);
size_t len = Utf8CharLen(c);
if (tb->length + length >= tb->maxlength - (uint16)len) break;
byte charwidth = GetCharacterWidth(FS_NORMAL, c);
if (tb->maxwidth != 0 && width + tb->width + charwidth > tb->maxwidth) break; if (tb->maxwidth != 0 && width + tb->width + charwidth > tb->maxwidth) break;
width += charwidth; width += charwidth;
length += Utf8CharLen(c); length += len;
} }
if (length == 0) return false; if (length == 0) return false;
@ -1038,6 +1038,7 @@ bool InsertTextBufferClipboard(Textbuf *tb)
tb->length += length; tb->length += length;
tb->caretpos += length; tb->caretpos += length;
assert(tb->length < tb->maxlength);
tb->buf[tb->length] = '\0'; // terminating zero tb->buf[tb->length] = '\0'; // terminating zero
return true; return true;