Hi,
Yes, the size calculation looks correct. The '11' is the number of
literal characters in the format string. The sizeof(e-type) * 3 is an
overestimate of the number of decimal digits in an int of sizeof()
bytes. The '1' is a linefeed allowance.
Lenard Lindstrom
On 23/08/11 06:30 AM, René Dudfield wrote:
Hi,
I just noticed this bug and patch on the issue tracker:
https://bitbucket.org/pygame/pygame/issue/67/event_str-buffer-overflow
I'm not quite sure about the string size calculation, so was wondering
if someone else could review it too... Where does the 11 come from?
I think it comes from the 11 extra characters in the formatted
string. The +1 is there for the null byte at the end of the string.
Does that sound ok?
I added a test for it based on the test in the issue, and it seems to
pass now, where it used to do a buffer overflow.
cheers,
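
Added example, not part of the thread and not pygame's code: the size bound discussed above, checked against the exact length that snprintf reports. The format string, the function names and the sample strings are assumptions, chosen so that the format has 11 literal characters.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed format: 11 literal characters around one int and two strings. */
#define EVENT_FMT "<Event(%d-%s %s)>"
#define EVENT_FMT_LITERALS 11

/* Upper bound from the thread: literals + both strings +
 * sizeof(int) * 3 for the digits + 1 byte for the terminating NUL. */
size_t event_str_bound(const char *name, const char *dict)
{
    return EVENT_FMT_LITERALS + strlen(name) + strlen(dict)
           + sizeof(int) * 3 + 1;
}

/* Exact number of bytes needed, terminator included; 0 on error. */
size_t event_str_exact(int type, const char *name, const char *dict)
{
    int n = snprintf(NULL, 0, EVENT_FMT, type, name, dict);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Allocate by the bound and format with snprintf, so a wrong bound
 * is reported as a failure instead of overflowing. Caller frees. */
char *event_str(int type, const char *name, const char *dict)
{
    size_t size = event_str_bound(name, dict);
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;
    int n = snprintf(buf, size, EVENT_FMT, type, name, dict);
    if (n < 0 || (size_t)n >= size) {   /* bound was too small */
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    const char *name = "UserEvent", *dict = "{'a': 1}"; /* constructed */
    char *s = event_str(INT_MIN, name, dict);
    if (s == NULL)
        return 1;
    printf("%s (bound %zu, exact %zu)\n", s, event_str_bound(name, dict),
           event_str_exact(INT_MIN, name, dict));
    free(s);
    return 0;
}
```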