authorFilippos Karapetis2009-10-07 16:47:06 +0000
committerFilippos Karapetis2009-10-07 16:47:06 +0000
commit9f5c52b41057134b0c2c333e67cee37af023d1c9 (patch)
tree998f5498d19055c25b3f17ab0ac15bca65777169
parentec421984a9a6aa8d1f51913a6382b8eb1eb2c59a (diff)
Fixed a potential buffer overflow in kFormat, which occurs in the "About" screen in KQ4
svn-id: r44738
-rw-r--r--engines/sci/engine/kstring.cpp5
1 files changed, 2 insertions, 3 deletions
diff --git a/engines/sci/engine/kstring.cpp b/engines/sci/engine/kstring.cpp
index 8e75675a66..0d80618bfd 100644
--- a/engines/sci/engine/kstring.cpp
+++ b/engines/sci/engine/kstring.cpp
@@ -359,7 +359,8 @@ reg_t kReadNumber(EngineState *s, int argc, reg_t *argv) {
reg_t kFormat(EngineState *s, int argc, reg_t *argv) {
uint16 *arguments;
reg_t dest = argv[0];
- char targetbuf[512];
+ int maxsize = 4096; /* Arbitrary... */
+ char targetbuf[4096];
char *target = targetbuf;
reg_t position = argv[1]; /* source */
int index = argv[2].toUint16();
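Review bot: `maxsize` and `targetbuf` are still sized by two independent `4096` literals, which is the same kind of drift that caused this overflow (a 512-byte buffer against a 4096 limit, going by the removed lines). Derive one from the other so they cannot diverge again, e.g. `char targetbuf[4096];` followed by `const int maxsize = sizeof(targetbuf);`. The `/* Arbitrary... */` comment would be more useful as `/* upper bound for every write through target, including the terminating NUL */`. The formatting loop of kFormat lies outside this hunk, so it should be confirmed that each copy into `target` is actually checked against `maxsize` and leaves room for the terminator.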
@@ -371,8 +372,6 @@ reg_t kFormat(EngineState *s, int argc, reg_t *argv) {
int startarg;
int str_leng = 0; /* Used for stuff like "%13s" */
int unsigned_var = 0;
- int maxsize = 4096; /* Arbitrary... */
-
if (position.segment)
startarg = 2;