ADDED: Multiple security checks to avoid crashes on wrongly provided string data #4751

- REVIEWED: Checking `NULL` input on functions getting `const char *text`, to avoid crashes
- REVIEWED: `strcpy()` usage, prioritize `strncpy()` with limited copy to buffer size
- REPLACED: `strlen()` by `TextLength()` on [rtext] module
- REVIEWED: Replaced some early returns (but keeping others, for easier code following)
This commit is contained in:
Ray
2025-12-11 12:59:55 +01:00
parent 71a35f661e
commit 2a566544d4
8 changed files with 289 additions and 248 deletions

@ -2492,12 +2492,12 @@ void rlLoadExtensions(void *loader)
const char *extensions = (const char *)glGetString(GL_EXTENSIONS); // One big const string
// NOTE: We have to duplicate string because glGetString() returns a const string
int size = strlen(extensions) + 1; // Get extensions string size in bytes
char *extensionsDup = (char *)RL_CALLOC(size, sizeof(char));
strcpy(extensionsDup, extensions);
int extSize = (int)strlen(extensions); // Get extensions string size in bytes
char *extensionsDup = (char *)RL_CALLOC(extSize + 1, sizeof(char)); // Allocate space for copy with additional EOL byte
strncpy(extensionsDup, extensions, extSize);
extList[numExt] = extensionsDup;
for (int i = 0; i < size; i++)
for (int i = 0; i < extSize; i++)
{
if (extensionsDup[i] == ' ')
{
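Review bot: `extensions` is still passed to `strlen()` without a NULL check in the new `int extSize = (int)strlen(extensions);` line, and `glGetString()` can return NULL, so this path can still crash on exactly the kind of input the commit sets out to guard against. Suggest wrapping the duplicate-and-split logic in `if (extensions != NULL)` and leaving `numExt` at 0 otherwise. Two smaller points in the same hunk: `strncpy(extensionsDup, extensions, extSize)` does not write a terminator itself and is only safe because `RL_CALLOC(extSize + 1, ...)` zero-fills the extra byte, which deserves a comment since a later switch to a non-zeroing allocator would leave the copy unterminated; and since the bound is derived from the source length rather than an independent destination size, `strncpy()` adds no protection here over `memcpy()`. The allocation comment also says "EOL byte" where it means the NUL terminator.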