From 974a0c6f3ddf3d12ce87807b2da0f8e342d78b0d Mon Sep 17 00:00:00 2001
From: Gyorgy Szombathelyi <gyurco@freemail.hu>
Date: Sun, 13 Jun 2021 20:52:43 +0200
Subject: [PATCH] Fix buffer overflow with helptext_custom

---
 menu.c |  8 ++++----
 osd.c  | 12 ++++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/menu.c b/menu.c
index b9041d6..506ffe0 100644
--- a/menu.c
+++ b/menu.c
@@ -135,7 +135,7 @@ const char *helptexts[]={
 
 // one screen width
 const char* HELPTEXT_SPACER= "                                ";
-char helptext_custom[320];
+char helptext_custom[450]; // spacer(32) + corename(64) + minimig version(16) + helptexts[x](335)
 
 const char* scanlines[]={"Off","25%","50%","75%"};
 const char* stereo[]={"Mono","Stereo"};
@@ -775,7 +775,7 @@ void HandleUI(void)
 					char x = p[1];
 
 					// get version string
-					strcpy(s, OsdCoreName());
+					strcpy(s, OsdCoreName()); // max 65
 					strcat(s," ");
 					substrcpy(s+strlen(s), p, 1);
 					OsdCoreNameSet(s);
@@ -932,7 +932,7 @@ void HandleUI(void)
 			parentstate=MENU_8BIT_MAIN1;
 
 			// set helptext with core display on top of basic info
-			siprintf(helptext_custom, HELPTEXT_SPACER);
+			strcpy(helptext_custom, HELPTEXT_SPACER);
 			strcat(helptext_custom, OsdCoreName());
 			strcat(helptext_custom, helptexts[HELPTEXT_MAIN]);
 			helptext=helptext_custom;
@@ -2076,7 +2076,7 @@ void HandleUI(void)
 			menumask=0xF0;	// b11110000 Floppy turbo, Harddisk options & Exit.
 			OsdSetTitle("Minimig",OSD_ARROW_RIGHT);
 			// set helptext with core display on top of basic info
-			siprintf(helptext_custom, HELPTEXT_SPACER);
+			strcpy(helptext_custom, HELPTEXT_SPACER);
 			strcat(helptext_custom, OsdCoreName());
 			siprintf(s, "%s v%d.%d.%d", minimig_ver_beta ? " BETA" : "", minimig_ver_major, minimig_ver_minor, minimig_ver_minion);
 			strcat(helptext_custom, s);
diff --git a/osd.c b/osd.c
index 9b43ba5..63bb477 100644
--- a/osd.c
+++ b/osd.c
@@ -737,11 +737,15 @@ unsigned char OsdKeyGet() {
   return osd_key;
 }
 
-
-/* core currently loaded */
-static char lastcorename[261+10] = "CORE";
+/*
+   core currently loaded
+   core name + version string (8bit) or
+   filename(until fits into the buffer)
+*/
+static char lastcorename[65] = "CORE";
 void OsdCoreNameSet(const char* str) {
-	siprintf(lastcorename, "%s", str);
+	strncpy(lastcorename, str, sizeof(lastcorename));
+	lastcorename[sizeof(lastcorename)-1] = 0;
 }
 char* OsdCoreName() {
 	return lastcorename;