From bd025ae5c5eb2acb2719bdcc1dc443381803a3f5 Mon Sep 17 00:00:00 2001 From: Yamagi Burmeister Date: Mon, 24 Aug 2015 18:02:08 +0200 Subject: [PATCH] Fix an off-by-one in memmove() call in SV_Map() Submitted by: Ozkan Sezer --- src/server/sv_init.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/server/sv_init.c b/src/server/sv_init.c index 0a628f25..b83b29fb 100644 --- a/src/server/sv_init.c +++ b/src/server/sv_init.c @@ -377,7 +377,7 @@ SV_InitGame(void) svs.spawncount = randk(); svs.clients = Z_Malloc(sizeof(client_t) * maxclients->value); svs.num_client_entities = maxclients->value * UPDATE_BACKUP * 64; - svs.client_entities = + svs.client_entities = Z_Malloc( sizeof(entity_state_t) * svs.num_client_entities); /* init network stuff */ @@ -463,13 +463,14 @@ SV_Map(qboolean attractloop, char *levelstring, qboolean loadgame) } /* skip the end-of-unit flag if necessary */ + l = strlen(level); + if (level[0] == '*') { - memmove(level, level + 1, strlen(level) + 1); + memmove(level, level + 1, l); + --l; } - l = strlen(level); - if ((l > 4) && !strcmp(level + l - 4, ".cin")) { #ifndef DEDICATED_ONLY
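Review bot: In the second hunk (SV_Map), nothing records why the `memmove` length is `l` rather than `l + 1`, and the comment `/* skip the end-of-unit flag if necessary */` is now followed by `l = strlen(level);` instead of the `if (level[0] == '*')` it describes. Copying `l` bytes from `level + 1` already moves the terminating NUL, whereas the old `strlen(level) + 1` read one byte beyond it, so a comment on the call such as `/* l bytes from level + 1 include the terminating NUL */` would keep a later edit from reintroducing the over-read. I would also move `l = strlen(level);` above the existing comment so the comment stays attached to the `if`. The declarations of `l` and `level` and the rest of SV_Map lie outside the hunk, so the type of `l` (it receives a `size_t` from `strlen`) and the size of the buffer should be confirmed there.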