From 37c921cdf0b36afefc73eaa000ecd38301192bd2 Mon Sep 17 00:00:00 2001
From: Leo Garcia <34465410+DrAtomic@users.noreply.github.com>
Date: Mon, 12 May 2025 10:34:57 -0700
Subject: [PATCH] fix format overflow in blackboxVirtualBeginLog (#14373)

* cast largestLogFileNumber to 16bits to prevent format overflow

* Update src/main/blackbox/blackbox_virtual.c

remove uint16 cast

Co-authored-by: Petr Ledvina <ledvinap@gmail.com>

* Update src/main/blackbox/blackbox_virtual.c

use snprintf instead of strlen

Co-authored-by: Petr Ledvina <ledvinap@gmail.com>

---------

Co-authored-by: Petr Ledvina <ledvinap@gmail.com>
---
 src/main/blackbox/blackbox_virtual.c | 6 +++---
 src/main/blackbox/blackbox_virtual.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/blackbox/blackbox_virtual.c b/src/main/blackbox/blackbox_virtual.c
index d607e6f125..7a5a76e6b1 100644
--- a/src/main/blackbox/blackbox_virtual.c
+++ b/src/main/blackbox/blackbox_virtual.c
@@ -87,9 +87,9 @@ bool blackboxVirtualBeginLog(void)
     if (blackboxVirtualFile != NULL) {
         return false;
     }
-    const size_t name_buffer_length = strlen(LOGFILE_PREFIX) + 5 + strlen(LOGFILE_SUFFIX) + 2; //file name template: LOG00001.BFL
+    const size_t name_buffer_length = snprintf(NULL, 0, "%s%05u.%s", LOGFILE_PREFIX, (largestLogFileNumber + 1) % 100000, LOGFILE_SUFFIX);
     char filename[name_buffer_length];
-    sprintf(filename, "%s%05i.%s", LOGFILE_PREFIX, largestLogFileNumber + 1, LOGFILE_SUFFIX);
+    snprintf(filename, sizeof(filename), "%s%05u.%s", LOGFILE_PREFIX, (largestLogFileNumber + 1) % 100000, LOGFILE_SUFFIX);
     blackboxVirtualFile = fopen(filename, "w");
     if (blackboxVirtualFile != NULL) {
         largestLogFileNumber++;
@@ -111,7 +111,7 @@ void blackboxVirtualClose(void)
     blackboxVirtualEndLog();
 }
 
-uint32_t blackboxVirtualLogFileNumber(void)
+int32_t blackboxVirtualLogFileNumber(void)
 {
     return largestLogFileNumber;
 }
diff --git a/src/main/blackbox/blackbox_virtual.h b/src/main/blackbox/blackbox_virtual.h
index 7f2eb0ee71..770bfc3c78 100644
--- a/src/main/blackbox/blackbox_virtual.h
+++ b/src/main/blackbox/blackbox_virtual.h
@@ -32,4 +32,4 @@ bool blackboxVirtualFlush(void);
 bool blackboxVirtualBeginLog(void);
 bool blackboxVirtualEndLog(void);
 void blackboxVirtualClose(void);
-uint32_t blackboxVirtualLogFileNumber(void);
+int32_t blackboxVirtualLogFileNumber(void);