From 648d51d13fa89359fd0b453d873e4939ba0ec73e Mon Sep 17 00:00:00 2001
From: Steffen <steffen@debian-BULLSEYE-live-builder-AMD64>
Date: Sun, 8 May 2022 00:46:04 +0200
Subject: [PATCH] fixed out of bound write in sound.c

---
 .gitignore  |  9 +++++++++
 ChangeLog   |  4 ++++
 src/sound.c | 11 ++++++-----
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index a582993..11413e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,15 @@
+src/.deps/
+src/bomberclone
+stamp-h1
+config.status
+*.o
+config.log
+config.h
+Makefile
 .cproject
 .project
 .settings/
+*.cache/
 Makefile.in
 aclocal.m4
 compile
diff --git a/ChangeLog b/ChangeLog
index 83983f9..48dfcd5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 $Id: ChangeLog,v 1.137 2015/07/10 21:59:37 steffen Exp $
 
+08.05.2022: fixing possible out of buffer write errors
+- fixed: sound.c had a possible out of buffer write error do to the
+  usage of sprintf reading two buffers each of the same as the destinations buffer.
+
 10.07.2015: serval patches from Peter Spiess-Knafl applied
 - changed: enter key on the numpad works now also in menus
 
diff --git a/src/sound.c b/src/sound.c
index 9848490..6db2825 100644
--- a/src/sound.c
+++ b/src/sound.c
@@ -116,7 +116,8 @@ void
 snd_load (char *tilesetname)
 {
 #if HAVE_SDL_MIXER
-    char fullname[LEN_PATHFILENAME];
+#define FULLNAMELEN (LEN_PATHFILENAME+2*LEN_FILENAME)
+    char fullname[FULLNAMELEN];
     char filename[LEN_FILENAME];
 	_direntry *destart, *de, *desel;
     int i, max, sel;
@@ -138,9 +139,9 @@ snd_load (char *tilesetname)
         }
 
         /* try loading the sample from the tileset or the default */
-        sprintf (fullname, "%s/tileset/%s/%s", bman.datapath, tilesetname, filename);
+        snprintf (fullname, FULLNAMELEN, "%s/tileset/%s/%s", bman.datapath, tilesetname, filename);
         if ((snd.sample[i] = Mix_LoadWAV (fullname)) == NULL) {
-            sprintf (fullname, "%s/tileset/default/%s", bman.datapath, filename);
+            snprintf (fullname, FULLNAMELEN, "%s/tileset/default/%s", bman.datapath, filename);
             if ((snd.sample[i] = Mix_LoadWAV (fullname)) == NULL)
                 d_printf ("Couldn't load %s: %s\n", fullname, SDL_GetError ());
         }
@@ -148,7 +149,7 @@ snd_load (char *tilesetname)
 
 
 	/* random selection of an sound file */	
-	sprintf (fullname, "%s/music", bman.datapath);
+	snprintf (fullname, FULLNAMELEN, "%s/music", bman.datapath);
 	desel = destart = s_getdir (fullname);
 	
 	for (max = 0, de = destart; de != NULL; de = de->next) 
@@ -164,7 +165,7 @@ snd_load (char *tilesetname)
 	
     /* try loading the music from the tileset or the default */
 	if (desel != NULL) {
-		sprintf (fullname, "%s/music/%s", bman.datapath, desel->name);
+		snprintf (fullname, FULLNAMELEN, "%s/music/%s", bman.datapath, desel->name);
 		if ((snd.music = Mix_LoadMUS (fullname)) == NULL)
         	d_printf ("Couldn't load %s: %s\n", fullname, SDL_GetError ());
 	}