Skip to content

Fix segfault when passing a long string to v.drawString

Hanicef requested to merge Hanicef/SRB2:fix-buffer-overflow-hud-string into next

If a long string is passed to v.drawString, the game would segfault due to the string copy mechanism not resizing it's string buffer to a large enough size. This can be reproduced with this Lua script:

hud.add(function (v, stplyr, cam)
	local s = "aaaaa"
	for i = 0,5 do
		s = s .. s
	end
	v.drawString(0, 0, s)
end)

The fix simply makes sure to keep expanding the buffer size until it's ensured that there is enough space to fit the new string.

Merge request reports