From f7e05a6acefc20be045fbc703b358c6c6ba67503 Mon Sep 17 00:00:00 2001 From: Colin Snover Date: Mon, 4 Dec 2017 20:28:37 -0600 Subject: GRAPHICS: Fix incorrect maximum length passed to strlcpy --- graphics/fonts/bdf.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'graphics') diff --git a/graphics/fonts/bdf.cpp b/graphics/fonts/bdf.cpp index 03c1b7b541..96255dc4d4 100644 --- a/graphics/fonts/bdf.cpp +++ b/graphics/fonts/bdf.cpp @@ -411,8 +411,8 @@ BdfFont *BdfFont::loadFont(Common::SeekableReadStream &stream) { boxes[encoding] = box; } } else if (line.hasPrefix("FAMILY_NAME \"")) { - familyName = new char[line.size()]; // We will definitely fit here - Common::strlcpy(familyName, &line.c_str()[13], line.size()); + familyName = new char[line.size()]; + Common::strlcpy(familyName, line.c_str() + 13, line.size() - 13); char *p = &familyName[strlen(familyName)]; while (p != familyName && *p != '"') p--; @@ -428,8 +428,8 @@ BdfFont *BdfFont::loadFont(Common::SeekableReadStream &stream) { } *p = '\0'; // Remove last quote } else if (line.hasPrefix("SLANT \"")) { - slant = new char[line.size()]; // We will definitely fit here - Common::strlcpy(slant, &line.c_str()[7], line.size()); + slant = new char[line.size()]; + Common::strlcpy(slant, line.c_str() + 7, line.size() - 7); char *p = &slant[strlen(slant)]; while (p != slant && *p != '"') p--; -- cgit v1.2.3