From d58b4e358962932e56025dde7547ca8501d1e4a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Janiszewski?=
Date: Sun, 13 Sep 2015 21:41:37 +0200
Subject: [PATCH] memory safeness

Just some more memory checks. One memset appears to be wrong, is fixed now. I think this might fix #1928, but please check.
---
 src/localisation/LanguagePack.cpp | 2 +-
 src/scenario.c | 25 ++++++++++++++++++++++---
 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/src/localisation/LanguagePack.cpp b/src/localisation/LanguagePack.cpp
index 32a04c6793..0c8739c34c 100644
--- a/src/localisation/LanguagePack.cpp
+++ b/src/localisation/LanguagePack.cpp
@@ -351,7 +351,7 @@ void LanguagePack::ParseGroupScenario(IStringReader *reader)
 if (_currentScenarioOverride == nullptr) {
 _scenarioOverrides.push_back(ScenarioOverride());
 _currentScenarioOverride = &_scenarioOverrides[_scenarioOverrides.size() - 1];
- memset(_currentScenarioOverride, 0, sizeof(ObjectOverride));
+ memset(_currentScenarioOverride, 0, sizeof(ScenarioOverride));
 _currentScenarioOverride->filename = sb.GetString();
 }
 }
diff --git a/src/scenario.c b/src/scenario.c
index 9846f5ebef..45723c4425 100644
--- a/src/scenario.c
+++ b/src/scenario.c
@@ -75,7 +75,14 @@ int scenario_load_basic(const char *path, rct_s6_header *header, rct_s6_info *in
 // Get filename
 utf8 filename[MAX_PATH];
- strcpy(filename, path_get_filename(path));
+ const char *temp_filename = path_get_filename(path);
+ int len = strnlen(temp_filename, MAX_PATH);
+ strncpy(filename, temp_filename, MAX_PATH);
+ if (len == MAX_PATH)
+ {
+ filename[MAX_PATH - 1] = '\0';
+ log_warning("truncated string %s", filename);
+ }
 path_remove_extension(filename);
 rct_string_id localisedStringIds[3];
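Review bot: Spelling the type out in `sizeof(ScenarioOverride)` in LanguagePack::ParseGroupScenario is the same pattern that let the earlier `sizeof(ObjectOverride)` mismatch go unnoticed; sizing from the pointer cannot drift from the element type: `memset(_currentScenarioOverride, 0, sizeof(*_currentScenarioOverride));`. The element was just created with `ScenarioOverride()`, which value-initialises it, so the memset may be redundant if the struct is a plain aggregate, and it would be undefined behaviour if the struct ever gains a non-trivial member. The struct definition is not visible here, and the function continues outside the hunk.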
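Review bot: The truncate-and-warn sequence added to scenario_load_basic in src/scenario.c is written out by hand again in the two later hunks of this file, and this is the only copy that passes MAX_PATH as the strncpy count. One static helper that copies at most size - 1 bytes and always writes the terminator would keep the three call sites from diverging. `len` should also take strnlen's return type, `size_t len = strnlen(temp_filename, MAX_PATH);`, rather than narrowing to `int`. The enclosing function starts and ends outside the hunk.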
@@ -229,7 +236,13 @@ int scenario_load_and_play_from_path(const char *path)
 if (!scenario_load(path)) return 0;
- strcpy(_scenarioPath, path);
+ int len = strnlen(path, MAX_PATH);
+ strncpy(_scenarioPath, path, len);
+ if (len == MAX_PATH)
+ {
+ _scenarioPath[MAX_PATH - 1] = '\0';
+ log_warning("truncated string %s", _scenarioPath);
+ }
 _scenarioFileName = path_get_filename(_scenarioPath);
 log_verbose("starting scenario, %s", path);
@@ -300,7 +313,13 @@ void scenario_begin()
 {
 // Get filename
 utf8 filename[MAX_PATH];
- strcpy(filename, _scenarioFileName);
+ int len = strnlen(_scenarioFileName, MAX_PATH);
+ strncpy(filename, _scenarioFileName, len);
+ if (len == MAX_PATH)
+ {
+ filename[MAX_PATH - 1] = '\0';
+ log_warning("truncated string %s", filename);
+ }
 path_remove_extension(filename);
 rct_string_id localisedStringIds[3];
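Review bot: `strncpy(_scenarioPath, path, len);` in scenario_load_and_play_from_path copies exactly strnlen(path) bytes, so a path shorter than MAX_PATH gets no terminating NUL, and `_scenarioPath` (presumably a file-scope buffer) keeps the tail of any longer path stored earlier. The scenario_begin hunk has the same defect with worse effect: the local `filename` is left unterminated over uninitialised stack bytes before `path_remove_extension(filename)` reads it. Pass the buffer size, as the scenario_load_basic hunk does: `strncpy(_scenarioPath, path, MAX_PATH);` and `strncpy(filename, _scenarioFileName, MAX_PATH);`. That pads short strings with NULs and leaves the existing `len == MAX_PATH` branch to handle truncation. This assumes `_scenarioPath` has MAX_PATH elements, which is not visible here; both functions continue outside their hunks.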