From 13f390be3ecf2c13ae519ed008078ee1ab021206 Mon Sep 17 00:00:00 2001 From: smatz Date: Tue, 24 Feb 2009 22:57:02 +0000 Subject: (svn r15572) -Fix (r13730): theoretical buffer overflow when company with too long name funded a road reconstruction --- src/town_cmd.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/town_cmd.cpp b/src/town_cmd.cpp index 6d043be4f..10d200ffd 100644 --- a/src/town_cmd.cpp +++ b/src/town_cmd.cpp @@ -2197,15 +2197,15 @@ static void TownActionRoadRebuild(Town *t) { t->road_build_months = 6; - char *company_name = MallocT(64); + char company_name[MAX_LENGTH_COMPANY_NAME_BYTES]; SetDParam(0, _current_company); - GetString(company_name, STR_COMPANY_NAME, company_name + 64); + GetString(company_name, STR_COMPANY_NAME, lastof(company_name)); + char *cn = strdup(company_name); SetDParam(0, t->index); - SetDParamStr(1, company_name); + SetDParamStr(1, cn); - AddNewsItem(STR_2055_TRAFFIC_CHAOS_IN_ROAD_REBUILDING, - NS_GENERAL, t->xy, 0, company_name); + AddNewsItem(STR_2055_TRAFFIC_CHAOS_IN_ROAD_REBUILDING, NS_GENERAL, t->xy, 0, cn); } static bool DoBuildStatueOfCompany(TileIndex tile, TownID town_id) -- cgit v1.2.3-70-g09d2