From d03ee98d63748ba0e2225be221b45a250c8c5741 Mon Sep 17 00:00:00 2001
From: Fabian Greffrath
Date: Fri, 27 Mar 2015 16:26:22 +0100
Subject: Avoid calling strlen() on a potentially unterminated string

The src string may be unterminated and the call to strncpy() be terminated by reaching dest_size. Instead of calling strlen() on the src string, check if it has a NUL byte at the same position as the dest string -- if not, the string was truncated.

Valgrind now gives thumbs up!
---
 src/m_misc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/m_misc.c b/src/m_misc.c
index 2e363412..ab3c7009 100644
--- a/src/m_misc.c
+++ b/src/m_misc.c
@@ -372,12 +372,15 @@ char *M_StringReplace(const char *haystack, const char *needle,
 boolean M_StringCopy(char *dest, const char *src, size_t dest_size)
 {
+    size_t len;
+
     if (dest_size >= 1)
     {
         dest[dest_size - 1] = '\0';
         strncpy(dest, src, dest_size - 1);
     }
 
-    return strlen(dest) == strlen(src);
+    len = strlen(dest);
+    return src[len] == '\0';
 }
 
 // Safe string concat function that works like OpenBSD's strlcat().
--
cgit v1.2.3
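Review bot: The new `return src[len] == '\0';` is only well-defined on the path where `dest_size >= 1`; when `dest_size` is 0 the function never writes `dest`, so `len = strlen(dest)` reads whatever `dest` already holds (the removed line had the same read) and `src[len]` then indexes `src` at an unrelated, unbounded offset, which is exactly the over-read on an unterminated `src` this commit sets out to remove. A guard before the copy closes both reads and matches strlcpy's "nothing fits" result: `if (dest_size == 0) return src[0] == '\0';` (written in the project's brace-on-its-own-line style). A short comment on the new return would also help the next reader: `// src[len] is at most one byte past what strncpy() consumed; a truncated, unterminated src must still be readable at index dest_size - 1.` That last caveat matters for callers that pass a fixed-width, non-NUL-terminated field into a buffer exactly one byte larger, which the commit message suggests is the motivating case; confirm against the callers, since the hunk does not show them.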