From c7bfe749fceb4025f281f05661f9b9d762d8f411 Mon Sep 17 00:00:00 2001
From: Benny Baumann <BenBE@geshi.org>
Date: Fri, 22 Mar 2024 09:47:34 +0100
Subject: Check for sufficient buffer space only after clamping

The clamping itself has a sanity check when debug mode is active.
---
 Row.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Row.c b/Row.c
index 3ee87cdb..0bf860e5 100644
--- a/Row.c
+++ b/Row.c
@@ -442,9 +442,10 @@ void Row_printLeftAlignedField(RichString* str, int attr, const char* content, u
 }
 
 int Row_printPercentage(float val, char* buffer, size_t n, uint8_t width, int* attr) {
-   assert(width >= 4 && width < n && "Invalid width in Row_printPercentage()");
+   assert(n >= 6 && width >= 4 && "Invalid width in Row_printPercentage()");
    // truncate in favour of abort in xSnprintf()
-   width = (uint8_t)CLAMP(width, 4, n - 1);
+   width = (uint8_t)CLAMP(width, 4, n - 2);
+   assert(width < n - 1 && "Insuficient space to print column");
 
    if (isNonnegative(val)) {
       if (val < 0.05F)
-- 
cgit v1.2.3