From 671f30d999d383bc1ee63dbc8a782eb8cfb0c7d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Madar=C3=A1sz?= <zaklaus@outlook.com>
Date: Sun, 11 Sep 2022 06:15:58 +0000
Subject: [PATCH] print: fix global-buffer-overflow in print module

---
 CHANGELOG                | 3 ++-
 code/source/core/print.c | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6796cdcc..3e2a5e60 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,5 @@
-18.0.1  - Fix ADT parser wrongly assuming that an IP address is a real number.
+18.0.2  - fix global-buffer-overflow in print module
+18.0.1  - fix ADT parser wrongly assuming that an IP address is a real number
 18.0.0  - removed coroutines module
         - removed timer module
         - rename zpl_adt_get -> zpl_adt_query
diff --git a/code/source/core/print.c b/code/source/core/print.c
index f637a987..7d17e246 100644
--- a/code/source/core/print.c
+++ b/code/source/core/print.c
@@ -143,6 +143,7 @@ zpl_internal zpl_isize zpl__print_string(char *text, zpl_isize max_len, zpl__for
 
     if (info && (info->width == 0 || info->flags & ZPL_FMT_MINUS)) {
         if (info->precision > 0) len = info->precision < len ? info->precision : len;
+        if (res+len > max_len) return res;
         res += zpl_strlcpy(text, str, len);
         text += res;
 
@@ -159,6 +160,7 @@ zpl_internal zpl_isize zpl__print_string(char *text, zpl_isize max_len, zpl__for
             while (padding-- > 0 && remaining-- > 0) *text++ = pad, res++;
         }
 
+        if (res+len > max_len) return res;
         res += zpl_strlcpy(text, str, len);
     }