From 5a82342845335770f975ef7f9a1b0bca1cf2d971 Mon Sep 17 00:00:00 2001 From: Jun Fang Date: Tue, 7 Apr 2015 16:59:05 -0700 Subject: Fix a stack overflow issue caused by an invalid usage of snprintf BUG=469244 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1062983002 --- core/src/fxcrt/fx_basic_wstring.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/src/fxcrt/fx_basic_wstring.cpp b/core/src/fxcrt/fx_basic_wstring.cpp index dfdbef8bd6..ce6a1cd763 100644 --- a/core/src/fxcrt/fx_basic_wstring.cpp +++ b/core/src/fxcrt/fx_basic_wstring.cpp @@ -976,9 +976,9 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList) nItemLen = nPrecision + nWidth + 128; } else { double f; - char pszTemp[256]; + char pszTemp[256] = {0}; f = va_arg(argList, double); - FXSYS_snprintf(pszTemp, sizeof(pszTemp), "%*.*f", nWidth, nPrecision + 6, f ); + FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f ); nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp); } break; -- cgit v1.2.3