DSprintf with a buffer length, possible crash bug
by Andrew Haydn Grant · in Torque Game Engine · 01/25/2006 (10:08 pm) · 1 replies
In winStrings.cc, around line 294, we see
The #else clause is potentially a crash bug. When TORQUE_COMPILER_CODEWARRIOR isn't defined, vsprintf will happily overrun its buffer. I was lucky to have overrun detection turned on, so it manifested immediately, rather than lurking in wait.
I changed this to always call vnsprintf(), even when TORQUE_COMPILER_CODEWARRIOR isn't defined. It worked fine, so I assume that this was once a compatability issue in the past, now made obsolete in newer versions of VC++.
If this does not work for older VC's, we want an assert at the least.
The next function in the file, "dVsprintf", has the same issue.
#if defined(TORQUE_COMPILER_CODEWARRIOR) S32 len = vsnprintf(buffer, bufferSize, format, args); #else bufferSize; S32 len = vsprintf(buffer, format, args); #endif
The #else clause is potentially a crash bug. When TORQUE_COMPILER_CODEWARRIOR isn't defined, vsprintf will happily overrun its buffer. I was lucky to have overrun detection turned on, so it manifested immediately, rather than lurking in wait.
I changed this to always call vnsprintf(), even when TORQUE_COMPILER_CODEWARRIOR isn't defined. It worked fine, so I assume that this was once a compatability issue in the past, now made obsolete in newer versions of VC++.
If this does not work for older VC's, we want an assert at the least.
The next function in the file, "dVsprintf", has the same issue.
About the author
Torque Owner Sim9