Background
I ran into a memory corruption issue in my code (compiling with psn00bsdk using C++ and PCSX Redux). Stepping through the assembly, using Redux I found the corruption to happen in vsnprintf. Looking at the code for vsnprintf it is pretty obvious what the problem is.
The bugvsnprintf writes the characters to the output buffer calling:
I.e. ssz is the size of the output buffer (minus 1 so there is space for terminator), and string_pos is the current position to write to.
However, if the size of the output buffer (ssz) is less than string_pos then it will write nothing. But string_pos is still incremented.
Then, right before returning from the function it does this:
string[string_pos] = 0;
I.e., regardless of how big the output buffer string is, it indiscriminately writes the terminator character at the position where the end of the string would be had the buffer been big enough for it.
Note, I use the function like so (snprintf calls vsnprintf):
Background I ran into a memory corruption issue in my code (compiling with psn00bsdk using C++ and PCSX Redux). Stepping through the assembly, using Redux I found the corruption to happen in
vsnprintf
. Looking at the code forvsnprintf
it is pretty obvious what the problem is.The bug
vsnprintf
writes the characters to the output buffer calling:I.e.
ssz
is the size of the output buffer (minus 1 so there is space for terminator), andstring_pos
is the current position to write to. However, if the size of the output buffer (ssz
) is less thanstring_pos
then it will write nothing. Butstring_pos
is still incremented.Then, right before returning from the function it does this:
I.e., regardless of how big the output buffer
string
is, it indiscriminately writes the terminator character at the position where the end of the string would be had the buffer been big enough for it.Note, I use the function like so (
snprintf
callsvsnprintf
):to gauge how big of a buffer I should allocate for the string.
A fix... I currently don't have the time to fix the issue, but might look at it later.