From a4327ef965fa6b8f4103f71ea4a7ae00f1fd97bc Mon Sep 17 00:00:00 2001
From: Zachary Slater <zachary@ioquake.org>
Date: Mon, 25 Oct 2010 06:39:11 +0000
Subject: [PATCH] Bugzilla #4753 Potential buffer overflow in
 UpdateTournamentInfo()

---
 code/game/g_arenas.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/code/game/g_arenas.c b/code/game/g_arenas.c
index da96c479..04846ae9 100644
--- a/code/game/g_arenas.c
+++ b/code/game/g_arenas.c
@@ -42,7 +42,6 @@ void UpdateTournamentInfo( void ) {
 	gentity_t	*player;
 	int			playerClientNum;
 	int			n, accuracy, perfect,	msglen;
-	int			buflen;
 #ifdef MISSIONPACK
   int score1, score2;
 	qboolean won;
@@ -126,8 +125,8 @@ void UpdateTournamentInfo( void ) {
 	for( i = 0; i < level.numNonSpectatorClients; i++ ) {
 		n = level.sortedClients[i];
 		Com_sprintf( buf, sizeof(buf), " %i %i %i", n, level.clients[n].ps.persistant[PERS_RANK], level.clients[n].ps.persistant[PERS_SCORE] );
-		buflen = strlen( buf );
-		if( msglen + buflen + 1 >= sizeof(msg) ) {
+		msglen += strlen( buf );
+		if( msglen >= sizeof(msg) ) {
 			break;
 		}
 		strcat( msg, buf );