Fix a stack overflow issue caused by an invalid usage of snprintf

BUG=469244 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1062983002
author: Jun Fang <jun_fang@foxitsoftware.com> 2015-04-07 16:59:05 -0700
committer: Jun Fang <jun_fang@foxitsoftware.com> 2015-04-07 16:59:05 -0700
commit: 5a82342845335770f975ef7f9a1b0bca1cf2d971 (patch)
tree: 4ee22646aae8b0cab2a8a7b5864002ae203d8eed /core/src
parent: 8d4210712a1b112d9118b7a592e0e09ad838476f (diff)
download: pdfium-5a82342845335770f975ef7f9a1b0bca1cf2d971.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp
index dfdbef8bd6..ce6a1cd763 100644
--- a/core/src/fxcrt/fx_basic_wstring.cpp
+++ b/core/src/fxcrt/fx_basic_wstring.cpp
@@ -976,9 +976,9 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList)
                         nItemLen = nPrecision + nWidth + 128;
                     } else {
                         double f;
-                        char pszTemp[256];
+                        char pszTemp[256] = {0};
                         f = va_arg(argList, double);
-                        FXSYS_snprintf(pszTemp, sizeof(pszTemp), "%*.*f", nWidth, nPrecision + 6, f );
+                        FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f );
                         nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp);
                     }
                     break;
author	Jun Fang <jun_fang@foxitsoftware.com>	2015-04-07 16:59:05 -0700
committer	Jun Fang <jun_fang@foxitsoftware.com>	2015-04-07 16:59:05 -0700
commit	5a82342845335770f975ef7f9a1b0bca1cf2d971 (patch)
tree	4ee22646aae8b0cab2a8a7b5864002ae203d8eed /core/src
parent	8d4210712a1b112d9118b7a592e0e09ad838476f (diff)
download	pdfium-5a82342845335770f975ef7f9a1b0bca1cf2d971.tar.xz