From a679ae64e0a659e2b94ec97e688633bc1a0d041e Mon Sep 17 00:00:00 2001
From: thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea>
Date: Sat, 6 May 2006 01:56:24 +0000
Subject: Add string length checking to function COM_StripExtension. This fixes
 the R_RemapShader buffer overflow exploit that can be found here:
 http://milw0rm.com/exploits/1750

git-svn-id: svn://svn.icculus.org/quake3/trunk@765 edf5b092-35ff-0310-97b2-ce42778d08ea
---
 code/renderer/tr_bsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'code/renderer/tr_bsp.c')

diff --git a/code/renderer/tr_bsp.c b/code/renderer/tr_bsp.c
index 85909ba..c340e13 100644
--- a/code/renderer/tr_bsp.c
+++ b/code/renderer/tr_bsp.c
@@ -1823,7 +1823,7 @@ void RE_LoadWorldMap( const char *name ) {
 	Q_strncpyz( s_worldData.name, name, sizeof( s_worldData.name ) );
 
 	Q_strncpyz( s_worldData.baseName, COM_SkipPath( s_worldData.name ), sizeof( s_worldData.name ) );
-	COM_StripExtension( s_worldData.baseName, s_worldData.baseName );
+	COM_StripExtension(s_worldData.baseName, s_worldData.baseName, sizeof(s_worldData.baseName));
 
 	startMarker = ri.Hunk_Alloc(0, h_low);
 	c_gridVerts = 0;
-- 
cgit v1.2.3