From 71820bf1296d2d18800679dfb4ad5ac6265c6728 Mon Sep 17 00:00:00 2001
From: rubidium <rubidium@openttd.org>
Date: Mon, 14 Jul 2008 18:22:15 +0000
Subject: (svn r13700) -Fix: possible buffer overflow in string truncation
 code.

---
 src/gfx.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/gfx.cpp b/src/gfx.cpp
index 491112431..8cd3cefaa 100644
--- a/src/gfx.cpp
+++ b/src/gfx.cpp
@@ -256,9 +256,10 @@ static int TruncateString(char *str, int maxw)
 			w += GetCharacterWidth(size, c);
 
 			if (w >= maxw) {
-				/* string got too big... insert dotdotdot */
-				ddd_pos[0] = ddd_pos[1] = ddd_pos[2] = '.';
-				ddd_pos[3] = '\0';
+				/* string got too big... insert dotdotdot, but make sure we do not
+				 * print anything beyond the string termination character. */
+				for (int i = 0; *ddd_pos != '\0' && i < 3; i++, ddd_pos++) *ddd_pos = '.';
+				*ddd_pos = '\0';
 				return ddd_w;
 			}
 		} else {
-- 
cgit v1.2.3-54-g00ecf