From e60197962af7168f9b8b0517ffbf8e4917cfae48 Mon Sep 17 00:00:00 2001
From: Thomas Goyne <plorkyeran@aegisub.org>
Date: Tue, 8 Jul 2014 09:21:13 -0700
Subject: [PATCH] Fix buffer overflow when getting text extents

lfFaceName needs to be null-terminated, so only copy up to 31 characters
into the buffer.
---
 src/auto4_base.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auto4_base.cpp b/src/auto4_base.cpp
index 8bb753d62..d51a3e98f 100644
--- a/src/auto4_base.cpp
+++ b/src/auto4_base.cpp
@@ -86,7 +86,7 @@ namespace Automation4 {
 		lf.lfClipPrecision = CLIP_DEFAULT_PRECIS;
 		lf.lfQuality = ANTIALIASED_QUALITY;
 		lf.lfPitchAndFamily = DEFAULT_PITCH|FF_DONTCARE;
-		wcsncpy(lf.lfFaceName, agi::charset::ConvertW(style->font).c_str(), 32);
+		wcsncpy(lf.lfFaceName, agi::charset::ConvertW(style->font).c_str(), 31);
 
 		HFONT thefont = CreateFontIndirect(&lf);
 		if (!thefont) return false;
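Review bot: The new count of 31 on the `wcsncpy` line leaves `lfFaceName` terminated only if `lf` was zero-filled beforehand, because `wcsncpy` writes no terminator when the source holds 31 or more characters. The initialisation of `lf` is outside this hunk, so that cannot be confirmed from here. Terminating explicitly and using the Windows constant instead of the literal would make the line safe on its own: `wcsncpy(lf.lfFaceName, agi::charset::ConvertW(style->font).c_str(), LF_FACESIZE - 1);` followed by `lf.lfFaceName[LF_FACESIZE - 1] = L'\0';`. An overlong face name, which presumably comes from the style data of a loaded script, is still truncated silently, so the extents may be measured for a different font than the one requested; a short comment saying so would help. The enclosing function starts and ends outside the hunk.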
-- 
GitLab