From babe53351ee7938281b545c2a4c34abdc1161e0f Mon Sep 17 00:00:00 2001 From: yexo Date: Fri, 23 Sep 2011 12:26:25 +0000 Subject: (svn r22952) -Fix: properly limit the length of strings in a choice list --- src/newgrf_text.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/newgrf_text.cpp b/src/newgrf_text.cpp index 74b024ca9..c086bae9a 100644 --- a/src/newgrf_text.cpp +++ b/src/newgrf_text.cpp @@ -371,7 +371,9 @@ struct UnmappedChoiceList : ZeroedMemoryAllocator { for (int i = 0; i < count; i++) { int idx = (this->type == SCC_GENDER_LIST ? lm->GetReverseMapping(i, true) : i + 1); const char *str = this->strings[this->strings.Contains(idx) ? idx : 0]; - size_t len = strlen(str); + /* Limit the length of the string we copy to 0xFE. The length is written above + * as a byte and we need room for the final '\0'. */ + size_t len = min(0xFE, strlen(str)); memcpy(d, str, len); d += len; *d++ = '\0'; -- cgit v1.2.3-70-g09d2