From 63d47bc5a4b26d21549a640ce6af4b5b40022d26 Mon Sep 17 00:00:00 2001
From: ocornut
Date: Tue, 23 Aug 2016 16:55:06 +0200
Subject: [PATCH] ImFormatString() Fixed an overflow handling bug with implementation of vsnprintf() that do not return -1 (#793)
---
 imgui.cpp | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/imgui.cpp b/imgui.cpp
index cb334f15..a8cddc64 100644
--- a/imgui.cpp
+++ b/imgui.cpp
@@ -944,21 +944,30 @@ const char* ImStristr(const char* haystack, const char* haystack_end, const char
 return NULL;
 }
+
+// MSVC version appears to return -1 on overflow, whereas glibc appears to return total count (which may be >= buf_size).
+// Ideally we would test for only one of those limits at runtime depending on the behavior the vsnprintf(), but trying to deduct it at compile time sounds like a pandora can of worm.
 int ImFormatString(char* buf, int buf_size, const char* fmt, ...)
 {
+ IM_ASSERT(buf_size > 0);
 va_list args;
 va_start(args, fmt);
 int w = vsnprintf(buf, buf_size, fmt, args);
 va_end(args);
- buf[buf_size-1] = 0;
- return (w == -1) ? buf_size : w;
+ if (w == -1 || w >= buf_size)
+ w = buf_size - 1;
+ buf[w] = 0;
+ return w;
 }
 int ImFormatStringV(char* buf, int buf_size, const char* fmt, va_list args)
 {
+ IM_ASSERT(buf_size > 0);
 int w = vsnprintf(buf, buf_size, fmt, args);
- buf[buf_size-1] = 0;
- return (w == -1) ? buf_size : w;
+ if (w == -1 || w >= buf_size)
+ w = buf_size - 1;
+ buf[w] = 0;
+ return w;
 }
 // Pass data_size==0 for zero-terminated strings
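Review bot: In both ImFormatString() and ImFormatStringV() the clamp tests `w == -1`, but C99 only promises that vsnprintf() returns a negative value on failure, so any other negative result would reach `buf[w] = 0` and write before the start of the buffer; `if (w < 0 || w >= buf_size)` covers every case. The only guard against `buf_size <= 0` is `IM_ASSERT(buf_size > 0)`, and if IM_ASSERT compiles to nothing in release builds (its definition is not visible here) a zero size makes `w = buf_size - 1` equal to -1 and produces the same out-of-bounds write, so an early `if (buf_size <= 0) return 0;` would be safer. The functions now return the clamped length instead of `buf_size` or the full count, so callers can no longer detect truncation from the return value; the comment above ImFormatString() should say that the result is the number of characters actually stored, excluding the terminator.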