From f40026a0bed33205255acf20d127601095d2eaf6 Mon Sep 17 00:00:00 2001
From: terminx
Date: Sat, 15 Dec 2018 01:36:32 +0000
Subject: [PATCH] Add bounds check to C_GetNextLabelName().
This isn't really necessary because the extra writes to the label buffer are immediately overwritten by the next label found, but I could see it causing a crash in an edge case where somehow the maximum number of labels had been defined.
git-svn-id: https://svn.eduke32.com/eduke32@7246 1a8010ca-5511-0410-912e-c29ae57300e0
---
 source/duke3d/src/gamedef.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source/duke3d/src/gamedef.cpp b/source/duke3d/src/gamedef.cpp
index b93dd1296..9ded79702 100644
--- a/source/duke3d/src/gamedef.cpp
+++ b/source/duke3d/src/gamedef.cpp
@@ -1010,7 +1010,11 @@ static void C_GetNextLabelName(void)
 // while (ispecial(*textptr) == 0 && *textptr!='['&& *textptr!=']' && *textptr!='\t' && *textptr!='\n' && *textptr!='\r')
 while (C_IsLabelChar(*textptr, i))
- label[(g_labelCnt<<6)+(i++)] = *(textptr++);
+ {
+ if (i < (1<<6)-1)
+ label[(g_labelCnt<<6) + (i++)] = *textptr;
+ textptr++;
+ }
 label[(g_labelCnt<<6)+i] = 0;
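Review bot: The new guard `if (i < (1<<6)-1)` in the `while (C_IsLabelChar(*textptr, i))` loop silently discards every character past the 63rd, so two over-long names that share a 63-character prefix would be stored as the same label with no diagnostic. Consider recording the overflow in the loop, e.g. `else truncated = 1;` (with `truncated` a new local), and reporting it once after the terminator is written. The literal `(1<<6)-1` also repeats the slot size hidden in `g_labelCnt<<6`; a comment such as `// each label slot is 64 bytes; keep the last one for the terminator` or a named constant would keep the two in step. The check bounds only the offset inside a slot: whether `g_labelCnt` itself is still below the buffer's capacity is not visible here, and the function body starts and continues outside the hunk.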