At time of writing (latest commit d71be3a), parse_args includes the following:
size_t raw_len = strlen(argv[i]) + 2; // NULL byte and the potential space
wchar_t text[raw_len]; // Upper bound on size
This appears to allocate a buffer on the stack whose size is determined by user input. For a very large command line argument, this will most likely overflow the stack. Maybe this should be malloced instead? Apologies if I’m misreading something here.
At time of writing (latest commit d71be3a),
parse_argsincludes the following:This appears to allocate a buffer on the stack whose size is determined by user input. For a very large command line argument, this will most likely overflow the stack. Maybe this should be malloced instead? Apologies if I’m misreading something here.