# HG changeset patch
# User rubidium
# Date 1216059735 0
# Node ID 4af6001e7fee2df113c9e2acd7123c560f9b1c49
# Parent a70cb623e3e788858cbc174127b724ec9c695925
(svn r13700) -Fix: possible buffer overflow in string truncation code.
diff -r a70cb623e3e7 -r 4af6001e7fee src/gfx.cpp
--- a/src/gfx.cpp Mon Jul 14 17:31:41 2008 +0000
+++ b/src/gfx.cpp Mon Jul 14 18:22:15 2008 +0000
@@ -256,9 +256,10 @@
 w += GetCharacterWidth(size, c);
 
 if (w >= maxw) {
- /* string got too big... insert dotdotdot */
- ddd_pos[0] = ddd_pos[1] = ddd_pos[2] = '.';
- ddd_pos[3] = '\0';
+ /* string got too big... insert dotdotdot, but make sure we do not
+ * print anything beyond the string termination character. */
+ for (int i = 0; *ddd_pos != '\0' && i < 3; i++, ddd_pos++) *ddd_pos = '.';
+ *ddd_pos = '\0';
 return ddd_w;
 }
 } else {
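Review bot: When the loop stops early because `*ddd_pos` is already `'\0'`, fewer than three dots are written, yet the following `return ddd_w;` is unchanged; if `ddd_w` was computed (outside this hunk) for a full three-dot ellipsis, the returned width would overstate what is actually left in the buffer. The bound itself looks sound for the overflow being fixed: every store lands on a byte at or before the existing terminator, so the string never grows, but that relies on `ddd_pos` pointing inside a NUL-terminated string, which the hunk does not show. I would state that invariant in the comment, e.g. `/* Only overwrite existing bytes: ddd_pos may be fewer than 3 bytes from the terminator, in which case the ellipsis is shortened. */`, and confirm whether callers use the return value for layout. The enclosing function begins and ends outside the hunk.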