From b8664b6856e2aecb83c08717ffbc7ae20dde9630 Mon Sep 17 00:00:00 2001
From: bones_was_here
Date: Mon, 22 Jan 2024 04:03:51 +1000
Subject: [PATCH] PRVM: fix a use of strlcpy on an unterminated source

This code is used when starting a QC program in a non-English language. See also 3727057b879ccfeaa434537f41a302f047e8cfae Also renames the dp_ustr2stp() parameter ssize to slen for clarity.
Signed-off-by: bones_was_here
---
 common.c     | 14 +++++++-------
 common.h     |  2 +-
 prvm_edict.c |  3 ++-
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/common.c b/common.c
index 837c6353..06afb60f 100644
--- a/common.c
+++ b/common.c
@@ -1369,16 +1369,16 @@ char *dp_stpecpy(char *dst, char *end, const char *src)
  * Returns a pointer to the \0 terminator. Guarantees \0 termination.
  * Compared to ustr2stp(): truncates and warns on overflow.
  */
-char *dp_ustr2stp(char *dst, size_t dsize, const char *src, size_t ssize)
+char *dp_ustr2stp(char *dst, size_t dsize, const char *src, size_t slen)
 {
-	if (ssize >= dsize)
+	if (slen >= dsize)
 	{
-		ssize = dsize - 1;
-		Con_Printf(CON_WARN "%s: src string truncated to %zu bytes: \"%.*s\"\n", __func__, ssize, (int)ssize, src);
+		slen = dsize - 1;
+		Con_Printf(CON_WARN "%s: src string truncated to %zu bytes: \"%.*s\"\n", __func__, slen, (int)slen, src);
 	}
-	memcpy(dst, src, ssize);
-	dst[ssize] = '\0';
-	return &dst[ssize];
+	memcpy(dst, src, slen);
+	dst[slen] = '\0';
+	return &dst[slen];
 }
 
 /** Copies a string, like strlcpy() but with a better return: the number of bytes copied
diff --git a/common.h b/common.h
index cb889439..200e432b 100644
--- a/common.h
+++ b/common.h
@@ -297,7 +297,7 @@ size_t COM_StringDecolorize(const char *in, size_t size_in, char *out, size_t si
 size_t dp__strlcpy(char *dst, const char *src, size_t dsize, const char *func, unsigned line);
 size_t dp__strlcat(char *dst, const char *src, size_t dsize, const char *func, unsigned line);
 char *dp_stpecpy(char *dst, char *end, const char *src);
-char *dp_ustr2stp(char *dst, size_t dsize, const char *src, size_t ssize);
+char *dp_ustr2stp(char *dst, size_t dsize, const char *src, size_t slen);
 
 void FindFraction(double val, int *num, int *denom, int denomMax);
 
diff --git a/prvm_edict.c b/prvm_edict.c
index aa05028f..c05aaa28 100644
--- a/prvm_edict.c
+++ b/prvm_edict.c
@@ -1854,7 +1854,8 @@ static po_t *PRVM_PO_Load(const char *filename, const char *filename2, mempool_t
 				break;
 			if((size_t)(q - p) >= (size_t) sizeof(inbuf))
 				break;
-			dp_strlcpy(inbuf, p, q - p); // not - 1, because this adds a NUL
+			memcpy(inbuf, p, q - p - 1);
+			inbuf[q - p - 1] = '\0';
 			PRVM_PO_ParseString(decodedbuf + decodedpos, inbuf, sizeof(decodedbuf) - decodedpos);
 			decodedpos += strlen(decodedbuf + decodedpos);
 			if(*q == '\r')
-- 
2.39.2
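Review bot: The new `memcpy(inbuf, p, q - p - 1)` and `inbuf[q - p - 1] = '\0'` have no lower bound: the guard two lines above only rejects `q - p` at or beyond `sizeof(inbuf)`, so if `q == p` can ever hold, the length wraps to SIZE_MAX and the terminator is written at `inbuf[-1]`; whether the scan that positions q rules that out is not visible here, since PRVM_PO_Load starts before the hunk. A cheap defence is to widen the existing guard: `if(q <= p || (size_t)(q - p) >= sizeof(inbuf))`. Since the same commit touches dp_ustr2stp(), `dp_ustr2stp(inbuf, sizeof(inbuf), p, q - p - 1);` would express the bounded copy-plus-terminator through the shared helper instead of a hand-rolled pair of lines. The removed line also took the only explanation of the offset with it; a comment such as `// q is one past the closing quote, which is not part of the string` (if that is what the scan guarantees) would keep the `- 1` from reading as an off-by-one.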