From babe53351ee7938281b545c2a4c34abdc1161e0f Mon Sep 17 00:00:00 2001
From: yexo <yexo@openttd.org>
Date: Fri, 23 Sep 2011 12:26:25 +0000
Subject: (svn r22952) -Fix: properly limit the length of strings in a choice
 list

---
 src/newgrf_text.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/newgrf_text.cpp b/src/newgrf_text.cpp
index 74b024ca9..c086bae9a 100644
--- a/src/newgrf_text.cpp
+++ b/src/newgrf_text.cpp
@@ -371,7 +371,9 @@ struct UnmappedChoiceList : ZeroedMemoryAllocator {
 			for (int i = 0; i < count; i++) {
 				int idx = (this->type == SCC_GENDER_LIST ? lm->GetReverseMapping(i, true) : i + 1);
 				const char *str = this->strings[this->strings.Contains(idx) ? idx : 0];
-				size_t len = strlen(str);
+				/* Limit the length of the string we copy to 0xFE. The length is written above
+				 * as a byte and we need room for the final '\0'. */
+				size_t len = min(0xFE, strlen(str));
 				memcpy(d, str, len);
 				d += len;
 				*d++ = '\0';
-- 
cgit v1.2.3-54-g00ecf