fix buffer overflow in url encoding (affecting msvc2010/2013)

libretro-common/compat/compat_snprintf.c

@@ -55,13 +55,19 @@ int c99_vsnprintf_retro__(char *outBuf, size_t size, const char *format, va_list
 
    if (size != 0)
 #if (_MSC_VER <= 1310)
-       count = _vsnprintf(outBuf, size, format, ap);
+       count = _vsnprintf(outBuf, size - 1, format, ap);
 #else
-       count = _vsnprintf_s(outBuf, size, _TRUNCATE, format, ap);
+       count = _vsnprintf_s(outBuf, size, size - 1, format, ap);
 #endif
    if (count == -1)
        count = _vscprintf(format, ap);
 
+   if (count == size)
+   {
+      /* there was no room for a NULL, so truncate the last character */
+      outBuf[size - 1] = '\0';
+   }
+
    return count;
 }
 

libretro-common/net/net_http.c

@@ -109,6 +109,7 @@ void net_http_urlencode(char **dest, const char *source)
    char *enc  = NULL;
    /* Assume every character will be encoded, so we need 3 times the space. */
    size_t len = strlen(source) * 3 + 1;
+   size_t count = len;
 
    if (!urlencode_lut_inited)
       urlencode_lut_init();
@@ -119,11 +120,16 @@ void net_http_urlencode(char **dest, const char *source)
 
    for (; *source; source++)
    {
+      int written = 0;
+
       /* any non-ascii character will just be encoded without question */
       if ((unsigned)*source < sizeof(urlencode_lut) && urlencode_lut[(unsigned)*source])
-         snprintf(enc, len, "%c", urlencode_lut[(unsigned)*source]);
+         written = snprintf(enc, count, "%c", urlencode_lut[(unsigned)*source]);
       else
-         snprintf(enc, len, "%%%02X", *source & 0xFF);
+         written = snprintf(enc, count, "%%%02X", *source & 0xFF);
+
+      if (written > 0)
+         count -= written;
 
       while (*++enc);
    }