Merge to XFA: Fix a stack overflow issue caused by an invalid usage of snprintf
authorJun Fang <jun_fang@foxitsoftware.com>
Tue, 7 Apr 2015 23:59:05 +0000 (16:59 -0700)
committerJUN FANG <jun_fang@foxitsoftware.com>
Wed, 8 Apr 2015 01:13:56 +0000 (18:13 -0700)
BUG=469244
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1062983002

core/src/fxcrt/fx_basic_wstring.cpp

index dfdbef8..ce6a1cd 100644 (file)
@@ -976,9 +976,9 @@ void CFX_WideString::FormatV(FX_LPCWSTR lpszFormat, va_list argList)
                         nItemLen = nPrecision + nWidth + 128;
                     } else {
                         double f;
-                        char pszTemp[256];
+                        char pszTemp[256] = {0};
                         f = va_arg(argList, double);
-                        FXSYS_snprintf(pszTemp, sizeof(pszTemp), "%*.*f", nWidth, nPrecision + 6, f );
+                        FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f );
                         nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp);
                     }
                     break;