From c341738ab89a54a067749025f7c59b8c83b05b86 Mon Sep 17 00:00:00 2001
From: Eugene Sandulenko
Date: Mon, 16 May 2016 10:47:33 +0200
Subject: SAGA: Fix potential buffer overrun.

If we have _statusTextInputPos as 256, we're doing incrementing to 257
and storing 0 there. This will lead to memory overwrite.
---
 engines/saga/interface.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'engines')

diff --git a/engines/saga/interface.cpp b/engines/saga/interface.cpp
index cb09d53762..c16650ddf1 100644
--- a/engines/saga/interface.cpp
+++ b/engines/saga/interface.cpp
@@ -1170,7 +1170,7 @@ void Interface::processStatusTextInput(Common::KeyState keystate) {
 		_statusTextInputPos--;
 		_statusTextInputString[_statusTextInputPos] = 0;
 	default:
-		if (_statusTextInputPos >= STATUS_TEXT_INPUT_MAX) {
+		if (_statusTextInputPos > STATUS_TEXT_INPUT_MAX) {
 			break;
 		}
 		if (Common::isAlnum(keystate.ascii) || (keystate.ascii == ' ')) {
-- 
cgit v1.2.3