From e60197962af7168f9b8b0517ffbf8e4917cfae48 Mon Sep 17 00:00:00 2001 From: Thomas Goyne Date: Tue, 8 Jul 2014 09:21:13 -0700 Subject: [PATCH] Fix buffer overflow when getting text extents lfFaceName needs to be null-terminated, so only copy up to 31 characters into the buffer. --- src/auto4_base.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auto4_base.cpp b/src/auto4_base.cpp index 8bb753d62..d51a3e98f 100644 --- a/src/auto4_base.cpp +++ b/src/auto4_base.cpp @@ -86,7 +86,7 @@ namespace Automation4 { lf.lfClipPrecision = CLIP_DEFAULT_PRECIS; lf.lfQuality = ANTIALIASED_QUALITY; lf.lfPitchAndFamily = DEFAULT_PITCH|FF_DONTCARE; - wcsncpy(lf.lfFaceName, agi::charset::ConvertW(style->font).c_str(), 32); + wcsncpy(lf.lfFaceName, agi::charset::ConvertW(style->font).c_str(), 31); HFONT thefont = CreateFontIndirect(&lf); if (!thefont) return false;