From 8e22ef9b6d587113e3cd47c33cc0d344832da632 Mon Sep 17 00:00:00 2001
From: uruk
Date: Wed, 13 Aug 2014 19:49:56 +0200
Subject: CGE2: Fix possible string overflow in Hero::expand().

---
 engines/cge2/hero.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'engines/cge2/hero.cpp')

diff --git a/engines/cge2/hero.cpp b/engines/cge2/hero.cpp
index 82363860aa..945bf483bc 100644
--- a/engines/cge2/hero.cpp
+++ b/engines/cge2/hero.cpp
@@ -190,14 +190,15 @@ Sprite *Hero::expand() {
 		setShapeList(_dim[0], shpcnt);
 	}
 
-	Common::String str(_vm->_text->getText(_ref + 100));
-	char text[kLineMax + 1];
-	strcpy(text, str.c_str());
+	char *tempStr = _vm->_text->getText(_ref + 100);
+	char *text = new char[strlen(tempStr) + 1];
+	strcpy(text, tempStr);
 	_reachStart = atoi(_vm->token(text));
 	_reachCycle = atoi(_vm->token(nullptr));
 	_sayStart = atoi(_vm->token(nullptr));
 	_funStart = atoi(_vm->token(nullptr));
 	_funDel = _funDel0 = (72 / _ext->_seq[0]._dly) * atoi(_vm->token(nullptr));
+	delete[] text;
 
 	int i = stepSize() / 2;
 	_maxDist = sqrt(double(i * i * 2));
-- 
cgit v1.2.3