From fc3da7819fc546abbf63e265bd8b6375ff1ca45b Mon Sep 17 00:00:00 2001 From: mingodad Date: Mon, 18 Jan 2016 19:00:59 +0000 Subject: [PATCH] Fix possible buffer overflow, sizeof(SQChar) can be > 1 and the we need to reserve/allocate the correct size. --- squirrel/sqapi.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/squirrel/sqapi.cpp b/squirrel/sqapi.cpp index 93c86b0..3a51176 100644 --- a/squirrel/sqapi.cpp +++ b/squirrel/sqapi.cpp @@ -34,7 +34,8 @@ static bool sq_aux_gettypedarg(HSQUIRRELVM v,SQInteger idx,SQObjectType type,SQO SQInteger sq_aux_invalidtype(HSQUIRRELVM v,SQObjectType type) { - scsprintf(_ss(v)->GetScratchPad(100), 100 *sizeof(SQChar), _SC("unexpected type %s"), IdType2Name(type)); + SQUnsignedInteger buf_size = 100 *sizeof(SQChar); + scsprintf(_ss(v)->GetScratchPad(buf_size), buf_size, _SC("unexpected type %s"), IdType2Name(type)); return sq_throwerror(v, _ss(v)->GetScratchPad(-1)); }