put_line(): Fix buffer overflow.

At the end of the format string it wrote a last byte (or inline string) past the end of the lcd boundaries, potentially overwriting unrelated memory. It now makes sure it won't exceed the viewport's width. Change-Id: Id4cfce918e8b070b7fc3c7d33f389f7a171963ff
2014-01-12 17:31:53 +01:00 · 2014-01-12 17:31:53 +01:00 · 193911af76
commit 193911af76
parent 3ae73433ab
1 changed files with 5 additions and 3 deletions
--- a/apps/gui/line.c
+++ b/apps/gui/line.c
@ -184,6 +184,7 @@ static void print_line(struct screen *display,
    enum themable_icons icon;
    char tempbuf[MAX_PATH+32];
    unsigned int tempbuf_idx;
+    int max_width = display->getwidth();

    height = line->height == -1 ? display->getcharheight() : line->height;
    icon_h = get_icon_height(display->screen_type);
@ -195,7 +196,7 @@ static void print_line(struct screen *display,
    y += height/2 - display->getcharheight()/2;

    /* parse format string */
-    while (1)
+    while (xpos < max_width)
    {
        ch = *fmt++;
        /* need to check for escaped '$' */
@ -280,7 +281,8 @@ next:
                DEBUGF("%s ", ch ? "put_line: String truncated" : "");
            }
            if (!ch)
-            {   /* end of string. put it online */
+            {   /* end of format string. flush pending inline string, if any */
+                if (tempbuf[0])
                    put_text(display, xpos, y, line, tempbuf, false, 0);
                return;
            }