From fdda43df9ee7883205fedf46a40e324e98b42e1e Mon Sep 17 00:00:00 2001
From: Tor Andersson
Date: Tue, 12 Jul 2016 11:51:38 +0200
Subject: Zero terminate fz_vsnprintf output when formatting warnings and error messages. Fix for bug 696913.
---
 source/fitz/error.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/source/fitz/error.c b/source/fitz/error.c
index dfab5e08..773f747a 100644
--- a/source/fitz/error.c
+++ b/source/fitz/error.c
@@ -27,6 +27,7 @@ void fz_vwarn(fz_context *ctx, const char *fmt, va_list ap)
 char buf[sizeof ctx->warn->message];
 fz_vsnprintf(buf, sizeof buf, fmt, ap);
+ buf[sizeof(buf) - 1] = 0;
 #ifdef USE_OUTPUT_DEBUG_STRING
 OutputDebugStringA(buf);
 OutputDebugStringA("\n");
@@ -112,7 +113,8 @@ static int fz_fake_throw(fz_context *ctx, int code, const char *fmt, ...)
 va_list args;
 ctx->error->errcode = code;
 va_start(args, fmt);
- vsnprintf(ctx->error->message, sizeof ctx->error->message, fmt, args);
+ fz_vsnprintf(ctx->error->message, sizeof ctx->error->message, fmt, args);
+ ctx->error->message[sizeof(ctx->error->message) - 1] = 0;
 va_end(args);
 if (code != FZ_ERROR_ABORT)
@@ -164,6 +166,7 @@ void fz_vthrow(fz_context *ctx, int code, const char *fmt, va_list ap)
 {
 ctx->error->errcode = code;
 fz_vsnprintf(ctx->error->message, sizeof ctx->error->message, fmt, ap);
+ ctx->error->message[sizeof(ctx->error->message) - 1] = 0;
 if (code != FZ_ERROR_ABORT)
 {
-- 
cgit v1.2.3
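Review bot: The forced terminator `buf[sizeof(buf) - 1] = 0;` in fz_vwarn protects this call site only, and the same assignment is repeated for `ctx->error->message` in the fz_fake_throw and fz_vthrow hunks; if fz_vsnprintf can leave a full buffer unterminated, as the commit subject implies, any caller not touched here would still hand an unterminated buffer to its consumer, which would then read past the end. Terminating inside fz_vsnprintf whenever the size is non-zero would cover every caller in one place. If the per-call-site form stays, a comment such as `/* fz_vsnprintf may not terminate when the output fills the buffer */` above each assignment would keep it from being removed later as redundant, and `sizeof buf` would match the spelling on the line before it. fz_vwarn's body starts before and continues after the hunk.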
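Review bot: Replacing `vsnprintf` with `fz_vsnprintf` in fz_fake_throw changes which formatter interprets `fmt`, something the commit subject does not mention. The two may not accept the same conversion specifiers, so the format strings passed to fz_fake_throw should be checked against what fz_vsnprintf supports (its implementation is not visible in this patch). A C99 `vsnprintf` already terminates its output for a non-zero size, so the added `ctx->error->message[sizeof(ctx->error->message) - 1] = 0;` is presumably needed here only because of the switch. A comment such as `/* same formatter as fz_vthrow; it may not terminate a full buffer */` would record that. The function body starts and ends outside the hunk.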