diff options
author | Jun Fang <jun_fang@foxitsoftware.com> | 2015-04-07 16:59:05 -0700 |
---|---|---|
committer | Jun Fang <jun_fang@foxitsoftware.com> | 2015-04-07 16:59:05 -0700 |
commit | 5a82342845335770f975ef7f9a1b0bca1cf2d971 (patch) | |
tree | 4ee22646aae8b0cab2a8a7b5864002ae203d8eed | |
parent | 8d4210712a1b112d9118b7a592e0e09ad838476f (diff) | |
download | pdfium-5a82342845335770f975ef7f9a1b0bca1cf2d971.tar.xz |
Fix a stack overflow issue caused by an invalid usage of snprintf
BUG=469244
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1062983002
-rw-r--r-- | core/src/fxcrt/fx_basic_wstring.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp index dfdbef8bd6..ce6a1cd763 100644 --- a/core/src/fxcrt/fx_basic_wstring.cpp +++ b/core/src/fxcrt/fx_basic_wstring.cpp @@ -976,9 +976,9 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) nItemLen = nPrecision + nWidth + 128; } else { double f; - char pszTemp[256]; + char pszTemp[256] = {0}; f = va_arg(argList, double); - FXSYS_snprintf(pszTemp, sizeof(pszTemp), "%*.*f", nWidth, nPrecision + 6, f ); + FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f ); nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp); } break; |