Fix assumption in gnc_num_dbg_to_string()

If the size of "buff" is not evenly divisible by "size" then this would
allocate off the end of the buffer. That's not currently the case but the
calculation shouldn't do this. Change it to check there's actually enough
space.
This commit is contained in:
Simon Arlott
2023-06-28 08:09:37 +01:00
parent aba64c9762
commit dbf8f93be4

@@ -1290,12 +1290,12 @@ gnc_num_dbg_to_string(gnc_numeric n)
{ {
static char buff[1000]; static char buff[1000];
static char *p = buff; static char *p = buff;
static const uint64_t size = 50; static const size_t size = 50;
int64_t tmpnum = n.num; int64_t tmpnum = n.num;
int64_t tmpdenom = n.denom; int64_t tmpdenom = n.denom;
p += size; p += size;
if (p - buff >= 1000) p = buff; if ((size_t)(p - buff) > sizeof(buff) - size) p = buff;
snprintf(p, size, "%" PRId64 "/%" PRId64, tmpnum, tmpdenom); snprintf(p, size, "%" PRId64 "/%" PRId64, tmpnum, tmpdenom);
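Review bot: On the new wrap check, `sizeof(buff) - size` is an unsigned subtraction, so if `size` were ever made larger than `sizeof(buff)` it would wrap to a very large value and the reset to `buff` would never fire. With the values visible here (1000 and 50) that cannot happen, and the check correctly keeps `p + size` within the array even when the buffer length is not a multiple of `size`. Since the point of the commit is to stop relying on an unstated relationship between the two constants, consider a compile-time assertion that `size <= sizeof(buff)` next to the declarations, or track a slot index and compute `p` from it so the comparison needs no subtraction or cast. A one-line comment saying that the static buffer is used as a ring of `size`-byte slots would also explain why `p` is advanced before the check.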