From f9a5d6fe862def561b97420b5791b2d07432e204 Mon Sep 17 00:00:00 2001 From: Aidan MacDonald Date: Wed, 22 Apr 2026 19:23:59 +0100 Subject: [PATCH] quake: fix crash from strange printf behavior (FS#13821) This was a latent bug exposed by commit a3f2b64a467c ("Enable float formatting in printf"). The version number is passed as 1.09f, but somehow ends up printing a string that is so huge it overruns the destination buffer and corrupts the return address on the stack. Using snprintf prevents the buffer overrun and gets quake working again, though this doesn't address the underlying bug with printf. Change-Id: I37e4426bc6ebca42d83b5a3b659da497b652d1ae --- apps/plugins/sdl/progs/quake/draw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/plugins/sdl/progs/quake/draw.c b/apps/plugins/sdl/progs/quake/draw.c index c870e6baba..5489810e1f 100644 --- a/apps/plugins/sdl/progs/quake/draw.c +++ b/apps/plugins/sdl/progs/quake/draw.c @@ -548,7 +548,7 @@ void Draw_ConsoleBackground (int lines) conback = Draw_CachePic ("gfx/conback.lmp"); dest = conback->data + 320 - 43 + 320*186; - sprintf (ver, "%.2f", (float)VERSION); + snprintf (ver, sizeof(ver), "%.2f", (float)VERSION); for (x=0 ; x
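Review bot: on the `snprintf (ver, sizeof(ver), "%.2f", (float)VERSION);` line, `sizeof(ver)` only bounds the write if `ver` is declared as an array in `Draw_ConsoleBackground`. The declaration is outside this hunk, so please confirm it is not a pointer, where `sizeof` would give the pointer size instead of the buffer size. The commit message says the formatter still produces an oversized string, so the output is now silently truncated and the `for (x=0 ; ...` loop that follows will work with whatever fits in `ver`. Consider comparing the `snprintf` return value against `sizeof(ver)` and falling back to a fixed version string when it indicates truncation. A short comment next to the call referencing FS#13821 would also help, so the workaround is not mistaken for the fix to the underlying printf bug.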