From 0efb8c2df4f81c525ff474c986d688b2954c68c8 Mon Sep 17 00:00:00 2001
From: Klaus Silveira <contact@klaussilveira.com>
Date: Wed, 26 Feb 2025 03:33:47 -0500
Subject: [PATCH] Fix buffer overflow warning when calculating game time.

---
 neo/d3xp/MultiplayerGame.cpp | 13 +++++++++++--
 neo/game/MultiplayerGame.cpp | 24 ++++++++++++++++--------
 2 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/neo/d3xp/MultiplayerGame.cpp b/neo/d3xp/MultiplayerGame.cpp
index 4af570cf..0348dae2 100644
--- a/neo/d3xp/MultiplayerGame.cpp
+++ b/neo/d3xp/MultiplayerGame.cpp
@@ -842,7 +842,7 @@ const char *idMultiplayerGame::GameTime() {
 		if ( ms <= 0 ) {
 			strcpy( buff, "WMP --" );
 		} else {
-			sprintf( buff, "WMP %i", s );
+			idStr::snPrintf( buff, sizeof(buff), "WMP %i", s );
 		}
 	} else {
 		int timeLimit = gameLocal.serverInfo.GetInt( "si_timeLimit" );
@@ -861,7 +861,16 @@ const char *idMultiplayerGame::GameTime() {
 		t = s / 10;
 		s -= t * 10;
 
-		sprintf( buff, "%i:%i%i", m, t, s );
+		// Format time as m:ts (minutes:tens-seconds)
+		// Ensure we never exceed buffer size by using idStr::snPrintf
+		if ( m >= 100 ) {
+			// If minutes exceed 99, just show 99:59
+			idStr::snPrintf( buff, sizeof(buff), "99:59" );
+		} else if ( t > 0 ) {
+			idStr::snPrintf( buff, sizeof(buff), "%i:%i%i", m, t, s );
+		} else {
+			idStr::snPrintf( buff, sizeof(buff), "%i:0%i", m, s );
+		}
 	}
 	return &buff[0];
 }
diff --git a/neo/game/MultiplayerGame.cpp b/neo/game/MultiplayerGame.cpp
index 11cce5e8..c34b1bcc 100644
--- a/neo/game/MultiplayerGame.cpp
+++ b/neo/game/MultiplayerGame.cpp
@@ -541,7 +541,7 @@ const char *idMultiplayerGame::GameTime() {
 		if ( ms <= 0 ) {
 			strcpy( buff, "WMP --" );
 		} else {
-			sprintf( buff, "WMP %i", s );
+			idStr::snPrintf( buff, sizeof(buff), "WMP %i", s );
 		}
 	} else {
 		int timeLimit = gameLocal.serverInfo.GetInt( "si_timeLimit" );
@@ -554,14 +554,22 @@ const char *idMultiplayerGame::GameTime() {
 			ms = 0;
 		}
 
-		s = ms / 1000; // => s <= 2 147 483 (INT_MAX / 1000)
-		m = s / 60;  // => m <= 35 791
-		s -= m * 60; // => s < 60
-		t = s / 10;  // => t < 6
-		s -= t * 10; // => s < 10
-		// writing <= 5 for m + 3 bytes for ":ts" + 1 byte for \0 => 16 bytes is enough
+		s = ms / 1000;
+		m = s / 60;
+		s -= m * 60;
+		t = s / 10;
+		s -= t * 10;
 
-		sprintf( buff, "%i:%i%i", m, t, s );
+		// Format time as m:ts (minutes:tens-seconds)
+		// Ensure we never exceed buffer size by using idStr::snPrintf
+		if ( m >= 100 ) {
+			// If minutes exceed 99, just show 99:59
+			idStr::snPrintf( buff, sizeof(buff), "99:59" );
+		} else if ( t > 0 ) {
+			idStr::snPrintf( buff, sizeof(buff), "%i:%i%i", m, t, s );
+		} else {
+			idStr::snPrintf( buff, sizeof(buff), "%i:0%i", m, s );
+		}
 	}
 	return &buff[0];
 }