From 6113cf7a6863b0748ec7f7fcb38f474a90fadc66 Mon Sep 17 00:00:00 2001
From: Tim Angus <tim@ngus.net>
Date: Mon, 3 Dec 2007 00:07:56 +0000
Subject: [PATCH] * (bug 3454) Fix crash in autocompletion due to incorrect
 strncpy buffer size

---
 code/qcommon/common.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/code/qcommon/common.c b/code/qcommon/common.c
index fd99449e..ba155bd4 100644
--- a/code/qcommon/common.c
+++ b/code/qcommon/common.c
@@ -3292,6 +3292,8 @@ static void Field_CompleteCommand( char *cmd,
 	}
 	else
 	{
+		int completionOffset;
+
 		if( completionString[0] == '\\' || completionString[0] == '/' )
 			completionString++;
 
@@ -3310,9 +3312,10 @@ static void Field_CompleteCommand( char *cmd,
 		if( matchCount == 0 )
 			return; // no matches
 
-		Q_strncpyz( &completionField->buffer[ strlen( completionField->buffer ) -
-			strlen( completionString ) ], shortestMatch,
-			sizeof( completionField->buffer ) );
+		completionOffset = strlen( completionField->buffer ) - strlen( completionString );
+
+		Q_strncpyz( &completionField->buffer[ completionOffset ], shortestMatch,
+			sizeof( completionField->buffer ) - completionOffset );
 
 		completionField->cursor = strlen( completionField->buffer );