
Re: [pygame] PATCH needs review. event str buffer overflow



Hi,

Yes, the size calculation looks correct. The '11' is the number of literal characters in the format string. The sizeof(e-type) * 3 is an overestimate of the number of decimal digits in an int of sizeof() bytes. The '1' is a linefeed allowance.

Lenard Lindstrom

On 23/08/11 06:30 AM, René Dudfield wrote:
Hi,

I just noticed this bug and patch on the issue tracker:
https://bitbucket.org/pygame/pygame/issue/67/event_str-buffer-overflow


I'm not quite sure about the string size calculation, so I was wondering if someone else could review it too... Where does the 11 come from? I think it comes from the 11 extra characters in the formatted string. The +1 is there for the null byte at the end of the string. Does that sound ok?

I added a test for it based on the test in the issue, and it seems to pass now, where it used to do a buffer overflow.

cheers,
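The sizing rule discussed in the thread (literal characters + sizeof(int) * 3 digits + 1), as an added example that is not the pygame patch or test; the format string `<Event(%d)>` and its literal count of 9 are assumed stand-ins, and the snprintf return-value check is what catches a wrong bound instead of overflowing.

```c
#include <limits.h>
#include <stdio.h>

/* Assumed format standing in for pygame's event_str format: the literal
 * text "<Event(" and ")>" is 9 characters, the %d is the integer field. */
#define EVENT_FMT "<Event(%d)>"
#define EVENT_FMT_LITERALS 9

/* Upper bound on the decimal digits of an nbytes-wide integer: each byte
 * adds at most three decimal digits (256 < 1000), so 3 * nbytes. For a
 * 4-byte int that is 12, which also leaves room for the '-' of INT_MIN
 * (11 characters). For a 1-byte type the estimate would be 3, too small
 * for "-128", so the rule is only safe for ints of two or more bytes. */
size_t decimal_digit_bound(size_t nbytes) { return nbytes * 3; }

/* Buffer size: literals + digit bound + 1 for the terminating NUL. */
size_t event_str_bufsize(void) {
    return EVENT_FMT_LITERALS + decimal_digit_bound(sizeof(int)) + 1;
}

/* Formats value into out, which holds outsize bytes. Returns the number of
 * characters written, or -1 if snprintf reports the output would not have
 * fit, i.e. the size estimate was wrong (snprintf truncates instead of
 * overrunning the buffer, so the failure is detected, not exploited). */
int format_event(int value, char *out, size_t outsize) {
    int n = snprintf(out, outsize, EVENT_FMT, value);
    if (n < 0 || (size_t)n >= outsize) return -1;
    return n;
}

/* Convenience wrapper: formats into a buffer of exactly the computed size
 * and returns the resulting length, or -1 if the bound did not hold. */
int event_str_length(int value) {
    char buf[EVENT_FMT_LITERALS + sizeof(int) * 3 + 1];
    return format_event(value, buf, sizeof buf);
}

/* 1 if the bound holds for the widest values an int can take, else 0. */
int bound_holds_for_extremes(void) {
    return event_str_length(INT_MIN) >= 0 && event_str_length(INT_MAX) >= 0;
}
```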