diff options
author | dshaligram <dshaligram@c06c8d41-db1a-0410-9941-cceddc491573> | 2007-04-01 22:13:21 +0000 |
---|---|---|
committer | dshaligram <dshaligram@c06c8d41-db1a-0410-9941-cceddc491573> | 2007-04-01 22:13:21 +0000 |
commit | 63750b0e37546a067244d09039143ec5b93a787a (patch) | |
tree | fc1b892fbdd2ce170cf5ae299c2b16b0efabdd67 /crawl-ref/source/tags.cc | |
parent | 1deeefa3619523ccf106444b0f768d2ee4916d02 (diff) | |
download | crawl-ref-63750b0e37546a067244d09039143ec5b93a787a.tar.gz crawl-ref-63750b0e37546a067244d09039143ec5b93a787a.zip |
Fixed potential buffer overflow on long inscriptions.
git-svn-id: https://crawl-ref.svn.sourceforge.net/svnroot/crawl-ref/trunk@1180 c06c8d41-db1a-0410-9941-cceddc491573
Diffstat (limited to 'crawl-ref/source/tags.cc')
-rw-r--r-- | crawl-ref/source/tags.cc | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/crawl-ref/source/tags.cc b/crawl-ref/source/tags.cc index fbddb4c692..2aa534d48a 100644 --- a/crawl-ref/source/tags.cc +++ b/crawl-ref/source/tags.cc @@ -314,7 +314,6 @@ void marshallString(struct tagHeader &th, const char *data, int maxSize) // put in the actual string -- we'll null terminate on // unmarshall. memcpy(&tagBuffer[th.offset], data, len); - th.offset += len; } @@ -324,6 +323,7 @@ void unmarshallString(struct tagHeader &th, char *data, int maxSize) // get length short len = unmarshallShort(th); int copylen = len; + if (len >= maxSize && maxSize > 0) copylen = maxSize - 1; @@ -1137,8 +1137,7 @@ static void tag_read_you(struct tagHeader &th, char minorVersion) you.num_turns = unmarshallLong(th); you.magic_contamination = unmarshallShort(th); - unmarshallString( th, buff, 80 ); - you.last_altar_inscription = buff; + you.last_altar_inscription = unmarshallString(th, 80); } static void tag_read_you_items(struct tagHeader &th, char minorVersion) |