Fix myhashfgets-related buffer overflows in deh_soc.c

src/deh_soc.c

@@ -229,7 +229,10 @@ void readPlayer(MYFILE *f, INT32 num)
 
 				SLOTFOUND
 
-				for (i = 0; i < MAXLINELEN-3; i++)
+				// A friendly neighborhood alias for brevity's sake
+				const size_t note_size = sizeof(description[num].notes);
+
+				for (i = 0; i < MAXLINELEN-note_size-3; i++)
 				{
 					if (s[i] == '=')
 					{
@@ -239,8 +242,9 @@ void readPlayer(MYFILE *f, INT32 num)
 				}
 				if (playertext)
 				{
-					strcpy(description[num].notes, playertext);
+					strlcpy(description[num].notes, playertext, note_size);
-					strcat(description[num].notes, myhashfgets(playertext, sizeof (description[num].notes), f));
+					strlcat(description[num].notes,
+						myhashfgets(playertext, note_size, f), note_size);
 				}
 				else
 					strcpy(description[num].notes, "");
@@ -249,7 +253,7 @@ void readPlayer(MYFILE *f, INT32 num)
 				// It works down here, though.
 				{
 					INT32 numline = 0;
-					for (i = 0; (size_t)i < sizeof(description[num].notes)-1; i++)
+					for (i = 0; (size_t)i < note_size-1; i++)
 					{
 						if (numline < 20 && description[num].notes[i] == '\n')
 							numline++;
@@ -1140,8 +1144,10 @@ void readgametype(MYFILE *f, char *gtname)
 				}
 				if (descr)
 				{
-					strcpy(gtdescription, descr);
+					strlcpy(gtdescription, descr, sizeof (gtdescription));
-					strcat(gtdescription, myhashfgets(descr, sizeof (gtdescription), f));
+					strlcat(gtdescription,
+						myhashfgets(descr, sizeof (gtdescription), f),
+						sizeof (gtdescription));
 				}
 				else
 					strcpy(gtdescription, "");