From a2d0008e320bce80fa28c8d0fa0645a1c0b2286b Mon Sep 17 00:00:00 2001
From: helixhorned <helixhorned@1a8010ca-5511-0410-912e-c29ae57300e0>
Date: Tue, 24 Dec 2013 09:44:20 +0000
Subject: [PATCH] osd.c: patch up a possible oob access of osdtext[].

git-svn-id: https://svn.eduke32.com/eduke32@4210 1a8010ca-5511-0410-912e-c29ae57300e0
---
 polymer/eduke32/build/src/osd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/polymer/eduke32/build/src/osd.c b/polymer/eduke32/build/src/osd.c
index 1d25ddab8..93cf12fc0 100644
--- a/polymer/eduke32/build/src/osd.c
+++ b/polymer/eduke32/build/src/osd.c
@@ -1491,6 +1491,12 @@ void OSD_Draw(void)
 
     for (; lines>0; lines--, row--)
     {
+        // XXX: May happen, which would ensue an oob if not checked.
+        // Last char accessed is osdtext[topoffs + osdcols-1].
+        // Reproducible by running test.lua with -Lopts=diag
+        // and scrolling to the top.
+        if (topoffs + osdcols-1 >= sizeof(osdtext))
+            break;
         drawosdstr(0,row,osdtext+topoffs,osdcols,osdtextshade,osdtextpal);
         topoffs+=osdcols;
     }