Skip to content

Prevent buffer overflow in _al_bvcformata #1707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
connorjclark wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Prevent buffer overflow in _al_bvcformata #1707

connorjclark wants to merge 1 commit into from

Conversation

@connorjclark
Copy link
Contributor

@connorjclark connorjclark commented Dec 13, 2025
edited
Loading

On Windows + ASAN, I got a report of a buffer overflow from this call to al_ustr_newf:

HRESULT _al_create_default_primitives_hlsl_vertex_shader(LPDIRECT3DDEVICE9 device, LPD3DXEFFECT *shader)
{
   ALLEGRO_USTR *full_source = al_ustr_newf("%s\n%s",
   _al_get_default_hlsl_vertex_shader(), technique_source_vertex_v2);
   LPD3DXBUFFER errors;

The cause was a missing null-terminator + usage of strlen in _al_bvcformata. With DEBUGMODE set, this string is grown one byte at a time (which is probably needed to repro). All other usages of exvsnprintf in this file set a null terminator after calling it, except for this one.

Gemini helped me diagnose this: https://gemini.google.com/share/ac2168d6f6ad

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@connorjclark