Fix a stack overflow issue caused by an invalid usage of snprintf

BUG=469244 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1062983002 (cherry picked from commit 5a82342845335770f975ef7f9a1b0bca1cf2d971) Review URL: https://codereview.chromium.org/1082043002
author: Lei Zhang <thestig@chromium.org> 2015-04-13 14:21:07 -0700
committer: Lei Zhang <thestig@chromium.org> 2015-04-13 14:21:07 -0700
commit: 41a5cc0c5bfcf998103180d33a2e32d2f495d656 (patch)
tree: 65cfba56aae323d335812fa4a516dd023b7c9403 /core/src
parent: fd736fa51d070c84d2f82dbf5cb6a6e7faf69b6b (diff)
download: pdfium-41a5cc0c5bfcf998103180d33a2e32d2f495d656.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp
index dfdbef8bd6..ce6a1cd763 100644
--- a/core/src/fxcrt/fx_basic_wstring.cpp
+++ b/core/src/fxcrt/fx_basic_wstring.cpp
@@ -976,9 +976,9 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList)
                         nItemLen = nPrecision + nWidth + 128;
                     } else {
                         double f;
-                        char pszTemp[256];
+                        char pszTemp[256] = {0};
                         f = va_arg(argList, double);
-                        FXSYS_snprintf(pszTemp, sizeof(pszTemp), "%*.*f", nWidth, nPrecision + 6, f );
+                        FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f );
                         nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp);
                     }
                     break;
author	Lei Zhang <thestig@chromium.org>	2015-04-13 14:21:07 -0700
committer	Lei Zhang <thestig@chromium.org>	2015-04-13 14:21:07 -0700
commit	41a5cc0c5bfcf998103180d33a2e32d2f495d656 (patch)
tree	65cfba56aae323d335812fa4a516dd023b7c9403 /core/src
parent	fd736fa51d070c84d2f82dbf5cb6a6e7faf69b6b (diff)
download	pdfium-41a5cc0c5bfcf998103180d33a2e32d2f495d656.tar.xz