-rw-r--r--core/fxcrt/fx_basic_wstring.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/core/fxcrt/fx_basic_wstring.cpp b/core/fxcrt/fx_basic_wstring.cpp
index 5cb6a57181..5c0b6ce061 100644
--- a/core/fxcrt/fx_basic_wstring.cpp
+++ b/core/fxcrt/fx_basic_wstring.cpp
@@ -607,6 +607,13 @@ void CFX_WideString::FormatV(const wchar_t* pFormat, va_list argList) {
}
GetBuffer(nMaxLen);
if (m_pData) {
+ // In the following two calls, there's always space in the buffer for
+ // a terminating NUL that's not included in nMaxLen.
+ // For vswprintf(), MSAN won't untaint the buffer on a truncated write's
+ // -1 return code even though the buffer is written. Probably just as well
+ // not to trust the vendor's implementation to write anything anyways.
+ // See https://crbug.com/705912.
+ memset(m_pData->m_String, 0, nMaxLen + 1);
FXSYS_vswprintf((wchar_t*)m_pData->m_String, nMaxLen + 1,
(const wchar_t*)pFormat, argListSave);
ReleaseBuffer();
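Review bot: The added `memset(m_pData->m_String, 0, nMaxLen + 1);` takes its length in bytes, while the `FXSYS_vswprintf` call right after it passes `nMaxLen + 1` as a count of wide characters, so only the leading part of the buffer is zeroed (a half or a quarter, depending on `sizeof(wchar_t)`). That leaves the tail uninitialized after a truncated write, including the slot for the terminating NUL that the new comment relies on, and a truncated write is the case the comment is written for. Assuming `m_String` holds `wchar_t` elements, as the cast and the class name suggest (its declaration is outside the hunk), the line should read `memset(m_pData->m_String, 0, (nMaxLen + 1) * sizeof(wchar_t));`. FormatV's body starts and ends outside the hunk, so how `ReleaseBuffer()` derives the string length from this buffer is not visible here.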