misc: Fix safe vsnprintf() function.

An off-by-one error in the function caused the strings to be truncated
one character too early. Change the return value check so that
negative values are also interpreted as indicating truncation; this is
the behavior of the Win32 API.

1 files changed, 13 insertions, 2 deletions

diff --git a/textscreen/txt_sdl.c b/textscreen/txt_sdl.c
index 860adfa6..984a2e75 100644
--- a/textscreen/txt_sdl.c
+++ b/textscreen/txt_sdl.c
@@ -906,6 +906,8 @@ void TXT_StringConcat(char *dest, const char *src, size_t dest_len)
 // Safe, portable vsnprintf().
 int TXT_vsnprintf(char *buf, size_t buf_len, const char *s, va_list args)
 {
+    int result;
+
     if (buf_len < 1)
     {
         return 0;
@@ -914,8 +916,17 @@ int TXT_vsnprintf(char *buf, size_t buf_len, const char *s, va_list args)
     // Windows (and other OSes?) has a vsnprintf() that doesn't always
     // append a trailing \0. So we must do it, and write into a buffer
     // that is one byte shorter; otherwise this function is unsafe.
-    buf[buf_len - 1] = '\0';
-    return vsnprintf(buf, buf_len - 1, s, args);
+    result = vsnprintf(buf, buf_len, s, args);
+
+    // If truncated, change the final char in the buffer to a \0.
+    // A negative result indicates a truncated buffer on Windows.
+    if (result < 0 || result >= buf_len)
+    {
+        buf[buf_len - 1] = '\0';
+        result = buf_len - 1;
+    }
+
+    return result;
 }
 
 // Safe, portable snprintf().