ref: e42e82aa1f016cbd0b27c21157548d11e6010ae0
parent: 33fe2b5883ce776e7c4fec88a049531d7785e491
author: Martin Storsjö <martin@martin.st>
date: Sun Jan 26 09:33:08 EST 2014
Make WelsVsprintf use vsnprintf, to check the buffer size. Otherwise builds on platforms other than MSVC might be insecure. Use vsnprintf_s with the _TRUNCATE flag instead of vsprintf_s when using MSVC - this truncates the buffer instead of aborting the whole process in case it's too small.
--- a/codec/common/crt_util_safe_x.cpp
+++ b/codec/common/crt_util_safe_x.cpp
@@ -88,7 +88,7 @@
}
int32_t WelsVsprintf (str_t* pBuffer, int32_t iSizeOfBuffer, const str_t* kpFormat, va_list pArgPtr) {
- return vsprintf_s (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr);
+ return vsnprintf_s (pBuffer, iSizeOfBuffer, _TRUNCATE, kpFormat, pArgPtr);
}
WelsFileHandle* WelsFopen (const str_t* kpFilename, const str_t* kpMode) {
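Review bot: The return value of WelsVsprintf now means different things depending on the platform branch, and nothing in the wrapper normalises or documents it. With `_TRUNCATE`, `vsnprintf_s` returns -1 when the output is cut, whereas the `vsnprintf` calls in the hunks at -142 and -210 return the length the complete output would have had, which can be equal to or larger than `iSizeOfBuffer`. Callers are not visible here, but any that use the result as a byte count or an offset into `pBuffer` would go out of bounds on truncation on the non-MSVC builds. I would make the three branches agree, for example in the vsnprintf branches `int32_t iRet = vsnprintf (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr);` followed by `return (iRet < 0 || iRet >= iSizeOfBuffer) ? -1 : iRet;`, and add a comment above the function such as `// Returns the number of characters written, or -1 on error or truncation.`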
@@ -142,7 +142,7 @@
}
int32_t WelsVsprintf (str_t* pBuffer, int32_t iSizeOfBuffer, const str_t* kpFormat, va_list pArgPtr) {
- return vsprintf (pBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
+ return vsnprintf (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
}
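Review bot: `iSizeOfBuffer` is an `int32_t` that is passed straight to the `size_t` bound of `vsnprintf` here and in the hunk at -210, so a negative value converts to a very large bound and the size check this commit introduces no longer limits the write. Whether a caller can pass such a value is not visible in the diff, so a cheap guard before the call is the safer choice: `if (pBuffer == NULL || iSizeOfBuffer <= 0) return -1;`. Separately, the trailing `//confirmed_safe_unsafe_usage` marker was written for the unbounded `vsprintf` and is now misleading on a bounded call; I would drop it or replace it with `// bounded by iSizeOfBuffer; output is truncated if too long`.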
@@ -210,7 +210,7 @@
#endif
int32_t WelsVsprintf (str_t* pBuffer, int32_t iSizeOfBuffer, const str_t* kpFormat, va_list pArgPtr) {
- return vsprintf (pBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
+ return vsnprintf (pBuffer, iSizeOfBuffer, kpFormat, pArgPtr); //confirmed_safe_unsafe_usage
}
WelsFileHandle* WelsFopen (const str_t* kpFilename, const str_t* kpMode) {