From 6139100f2391c8663e7222013d9625f6b538dce7 Mon Sep 17 00:00:00 2001
From: Cycloctane <Cycloctane@outlook.com>
Date: Mon, 29 Sep 2025 03:33:29 +0800
Subject: [PATCH] fix buffer overflow in time_frame_to_mmssff

make mm:ss:ff fit exactly in 8 chars
replace sprintf with snprintf
---
 src/lib/time.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/lib/time.c b/src/lib/time.c
index 91da91c..541fa26 100644
--- a/src/lib/time.c
+++ b/src/lib/time.c
@@ -7,6 +7,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 long time_msf_to_frame(int m, int s, int f)
 {
@@ -34,11 +35,16 @@ void time_frame_to_msf(long frame, int *m, int *s, int *f)
 /* print frame in mm:ss:ff format */
 char *time_frame_to_mmssff(long f)
 {
-	static char msf[10];
+	static char msf[9];
 	int minutes, seconds, frames;
 
+	if (f < 0 || f >= 75 * 60 * 100) {
+		strcpy(msf, "00:00:00");
+		return msf;
+	}
+
 	msf_frame_to_msf(f, &minutes, &seconds, &frames);
-	sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames);
+	snprintf(msf, sizeof(msf), "%02d:%02d:%02d", minutes, seconds, frames);
 
 	return msf;
 }