From 7ba2d0160b6b4bfd68fc1d0819858f7138e2d1d4 Mon Sep 17 00:00:00 2001 From: Thomas Martitz Date: Thu, 9 Jan 2014 22:59:46 +0100 Subject: put_line(): Limit and truncate inline strings to MAX_PATH+32. Because inline strings have to be copied (to escape '$') the local buffer can be exhaused. The code didn't check for this. The buffer is increased to handle filenames plus some extra chars but truncates to avoid overflow. If you have longer strings please pass them via $t tag, in which case put_line() imposes no additional length-limitation. Change-Id: I0ca20adbe72f6d44cb442f34d665c16b12cbbaeb --- apps/gui/line.c | 15 ++++++++++++--- apps/gui/line.h | 11 ++++++++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/apps/gui/line.c b/apps/gui/line.c index 5a376c652c..d561f08c76 100644 --- a/apps/gui/line.c +++ b/apps/gui/line.c @@ -32,6 +32,7 @@ #include "settings.h" #include "debug.h" #include "viewport.h" +#include "debug.h" #ifdef HAVE_REMOTE_LCD #define MAX_LINES (LCD_SCROLLABLE_LINES + LCD_REMOTE_SCROLLABLE_LINES) @@ -158,8 +159,8 @@ static void print_line(struct screen *display, int xpos = x; int icon_y, icon_h, icon_w; enum themable_icons icon; - char tempbuf[128]; - int tempbuf_idx; + char tempbuf[MAX_PATH+32]; + unsigned int tempbuf_idx; height = line->height == -1 ? display->getcharheight() : line->height; icon_h = get_icon_height(display->screen_type); @@ -246,7 +247,15 @@ next: } else { /* handle string constant in format string */ - tempbuf[tempbuf_idx++] = ch; + if (tempbuf_idx < sizeof(tempbuf)-1) + { + tempbuf[tempbuf_idx++] = ch; + } + else if (tempbuf_idx == sizeof(tempbuf)-1) + { + tempbuf[tempbuf_idx++] = '\0'; + DEBUGF("%s ", ch ? "put_line: String truncated" : ""); + } if (!ch) { /* end of string. put it online */ put_text(display, xpos, y, line, tempbuf, false, 0); diff --git a/apps/gui/line.h b/apps/gui/line.h index fa1522003c..9a0769de35 100644 --- a/apps/gui/line.h +++ b/apps/gui/line.h @@ -108,9 +108,14 @@ struct line_desc { * $*t - skips the first n pixels when displaying the string. put_line() * expects a correspinding paramter of the type 'int' that specifies n. * - * Inline text will be printed as is and can be freely intermixed with tags, - * except when the line can scroll. Due to limitations of the scroll engine - * only the last piece of text (whether inline or via $t) can scroll. + * Inline text will be printed as is (be sure to escape '$') and can be freely + * intermixed with tags. Inline text will be truncated after MAX_PATH+31 bytes. + * If you have a longer inline string use a separate buffer and pass that via $t, + * which does not suffer from this truncation. + * + * Text can appear anywhere, before or after (or both) tags. However, when the + * line can scroll, only the last piece of text (whether inline or via $t) can + * scroll. This is due to a scroll_engine limitation. * * x, y - pixel postion of the line. * line - holds information for the line decorations -- cgit v1.2.3