Text only | Text with Images

The International Simutrans Forum

Development => Patches & Projects => Incorporated Patches and Solved Bug Reports => Topic started by: Spike on March 20, 2012, 09:59:04 AM

Title: Potential buffer overflow in pakselector.cc
Post by: Spike on March 20, 2012, 09:59:04 AM
If the path is bigger than 1024 characters, this will cause a buffer overflow:

Code Select

    FOR(slist_tpl<entry>, const& i, entries) {
        char path[1024];
        sprintf(path,"%saddons/%s", umgebung_t::user_dir, i.button->get_text());


Edit: There are two of these problems in pakselector.cc, I think.
Text only | Text with Images