# HG changeset patch # User peter1138 # Date 1165786778 0 # Node ID e235a3a573e339c07bbc74b80ff1f6d500d0da46 # Parent b04421921eaeb9f11cbe74f10b2ff76023498130 (svn r7475) -Fix (r7348): sanity check NewGRF action 8 strings for null terminator diff -r b04421921eae -r e235a3a573e3 newgrf.c --- a/newgrf.c Sun Dec 10 19:00:06 2006 +0000 +++ b/newgrf.c Sun Dec 10 21:39:38 2006 +0000 @@ -2466,6 +2466,7 @@ } } + /* Action 0x08 (GLS_FILESCAN) */ static void ScanInfo(byte *buf, int len) { @@ -2473,16 +2474,30 @@ uint32 grfid; const char *name; const char *info; + int name_len; + int info_len; check_length(len, 8, "Info"); buf++; version = grf_load_byte(&buf); grfid = grf_load_dword(&buf); - name = (const char*)buf; - info = name + strlen(name) + 1; _cur_grfconfig->grfid = grfid; - _cur_grfconfig->name = TranslateTTDPatchCodes(name); - _cur_grfconfig->info = TranslateTTDPatchCodes(info); + + len -= 6; + name = (const char*)buf; + name_len = ttd_strnlen(name, len); + + if (name_len < len) { + _cur_grfconfig->name = TranslateTTDPatchCodes(name); + + len -= name_len + 1; + info = name + name_len + 1; + info_len = ttd_strnlen(info, len); + + if (info_len < len) { + _cur_grfconfig->info = TranslateTTDPatchCodes(info); + } + } _skip_sprites = -1; } diff -r b04421921eae -r e235a3a573e3 string.h --- a/string.h Sun Dec 10 19:00:06 2006 +0000 +++ b/string.h Sun Dec 10 21:39:38 2006 +0000 @@ -46,6 +46,16 @@ /** Convert the given string to lowercase, only works with ASCII! */ void strtolower(char *str); + +/** Get the length of a string, within a limited buffer */ +static inline int ttd_strnlen(const char *str, int maxlen) +{ + const char *t; + for (t = str; *t != '\0' && t - str < maxlen; t++); + return t - str; +} + + typedef uint32 WChar; /**
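Review bot: in the ScanInfo hunk of newgrf.c, when either `name_len < len` or `info_len < len` fails, `_cur_grfconfig->name` and `_cur_grfconfig->info` are silently left at whatever value they held before, and nothing records that the Action 8 data was malformed. Assign an explicit fallback (NULL or a placeholder string) on the failure paths and emit a warning there, so that later users of the config do not depend on prior state and the offending GRF can be identified. The bare `len -= 6;` would also benefit from a short comment saying it accounts for the action byte, the version byte and the grfid dword consumed above.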
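Review bot: in ttd_strnlen in string.h, the loop condition `*t != '\0' && t - str < maxlen` dereferences `*t` before testing the bound, so when no terminator lies within maxlen bytes the final iteration reads `str[maxlen]`, one byte past the limit the caller supplied. ScanInfo reaches this case whenever the name or info string is unterminated, and also when the name's terminator is the last byte of the data, which leaves `len` at 0 for the info call and still reads `*info`. Test the bound first: `t - str < maxlen && *t != '\0'`. The doc comment should also state that a return value equal to maxlen means no terminator was found, since that is the contract the callers rely on.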