<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40299 >

Because of a thinko there's a guaranteed buffer overflow every time this 
function was called.  This would most likely lead to random errors 
further down the line.

Detected by gcc 4.  I'll commit this one very shortly.


Also with utf-8 truncating things like this is not at all safe.  This 
can send incorrect utf-8 to the server which when sent back to the 
client becomes very hard to handle.  GTK will crash (yes, crash) if 
given invalid utf-8; it's supposed to be checked before it's passed in 
but I'm not sure if we do that.  If it is checked the best thing the 
client could do is discard the invalid utf-8 string.


Index: client/chatline_common.c
--- client/chatline_common.c	(revision 14820)
+++ client/chatline_common.c	(working copy)
@@ -79,7 +79,7 @@
   va_list ap;
   va_start(ap, format);
   my_vsnprintf(msg, maxlen, format, ap);
-  msg[maxlen] = '\0'; /* Make sure there is always ending zero */
+  msg[maxlen - 1] = '\0'; /* Make sure there is always ending zero */
Freeciv-dev mailing list

Reply via email to