diff options
| -rw-r--r-- | src/Fl_Native_File_Chooser_WIN32.cxx | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/Fl_Native_File_Chooser_WIN32.cxx b/src/Fl_Native_File_Chooser_WIN32.cxx index 860d677d9..717f8c013 100644 --- a/src/Fl_Native_File_Chooser_WIN32.cxx +++ b/src/Fl_Native_File_Chooser_WIN32.cxx @@ -524,10 +524,14 @@ int Fl_WinAPI_Native_File_Chooser_Driver::showfile() { char pathname[FNFC_MAX_PATH]; for ( const WCHAR *s = dirname + dirlen + 1; *s; s += (wcslen(s)+1)) { - strncpy(pathname, wchartoutf8(dirname), FNFC_MAX_PATH); - strncat(pathname, "\\", FNFC_MAX_PATH); - strncat(pathname, wchartoutf8(s), FNFC_MAX_PATH); - pathname[FNFC_MAX_PATH-1] = 0; + // ISSUE #206 -- beware strncpy() vs. strncat(): + // > strncpy() doesn't guarantee null termination but strncat() does. + // > strncat() can write to n+1, whereas strncpy() only writes to n. + // fl_snprintf() can't be used here b/c wchartoutf8() returns a static str. + // + strncpy(pathname, wchartoutf8(dirname), FNFC_MAX_PATH); pathname[FNFC_MAX_PATH-1] = 0; + strncat(pathname, "\\", FNFC_MAX_PATH-1); + strncat(pathname, wchartoutf8(s), FNFC_MAX_PATH-1); add_pathname(pathname); } } |