From 270f6793404872f5f58d169a93860157db148037 Mon Sep 17 00:00:00 2001
From: paladin-t
Date: Fri, 20 May 2016 14:24:49 +0800
Subject: [PATCH] +added an assertion when buffer overflow in the STR statement.
---
 HISTORY | 3 +++
 core/my_basic.c | 13 +++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/HISTORY b/HISTORY
index d6675a7..0bf6670 100755
--- a/HISTORY
+++ b/HISTORY
@@ -1,3 +1,6 @@
+May. 20 2016
+Added an assertion when buffer overflow in STR
+
 May. 19 2016
 Added UTF8 BOM detection even with MB_ENABLE_UNICODE disabled
 Fixed a bug in ASC with UTF8 character
diff --git a/core/my_basic.c b/core/my_basic.c
index ebcc55e..fb048fb 100755
--- a/core/my_basic.c
+++ b/core/my_basic.c
@@ -15119,6 +15119,7 @@ static int _std_str(mb_interpreter_t* s, void** l) {
 int result = MB_FUNC_OK;
 mb_value_t arg;
 char* chr = 0;
+ const size_t size = 32;
 mb_assert(s && l);
@@ -15130,15 +15131,19 @@ static int _std_str(mb_interpreter_t* s, void** l) {
 mb_check(mb_attempt_close_bracket(s, l));
- chr = (char*)mb_malloc(32);
- memset(chr, 0, 32);
+ chr = (char*)mb_malloc(size);
+ memset(chr, 0, size);
 switch(arg.type) {
 case MB_DT_INT:
- sprintf(chr, MB_INT_FMT, arg.value.integer);
+ if((size_t)sprintf(chr, MB_INT_FMT, arg.value.integer) >= size) {
+ mb_assert(0 && "Buffer overflow.");
+ }
 break;
 case MB_DT_REAL:
- sprintf(chr, MB_REAL_FMT, arg.value.float_point);
+ if((size_t)sprintf(chr, MB_REAL_FMT, arg.value.float_point) >= size) {
+ mb_assert(0 && "Buffer overflow.");
+ }
 break;
 default:
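Review bot: The new `size` constant in `_std_str` bounds only the check, not the write: in the following hunk (cut off in this view) both `sprintf` calls still format into the 32-byte `chr` without a limit, and the return value is compared with `size` only afterwards, so by the time `mb_assert(0 && "Buffer overflow.")` fires the heap has already been written past the allocation. If `mb_assert` expands to the standard `assert`, it also disappears under `NDEBUG`, which would leave release builds with no check at all; that is worth confirming against its definition. Passing the bound to the formatter closes the gap, for example `int n = snprintf(chr, size, MB_INT_FMT, arg.value.integer);` followed by `if(n < 0 || (size_t)n >= size) { /* release chr and return an error */ }`, and likewise for the `MB_REAL_FMT` case. `_std_str` continues past the end of the visible hunk, so the error path has to match whatever cleanup the rest of the function performs.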