Fix stack buffer overflow in var_subst() (dg_variables.c)

Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/5e320127-5bfa-499e-9776-e8a6cdd06bde Co-authored-by: welcor <357770+welcor@users.noreply.github.com>
Initial plan
2026-04-30 04:41:51 +02:00 · 2026-04-24 10:22:01 +00:00 · 2026-04-24 10:17:15 +00:00
1 changed files with 7 additions and 0 deletions
--- a/src/dg_variables.c
+++ b/src/dg_variables.c
@@ -1636,6 +1636,13 @@ void var_subst(void *go, struct script_data *sc, trig_data *trig,
  int paren_count = 0;
  int dots = 0;

+  /* reject lines that would overflow our fixed-size buffers */
+  if (strnlen(line, MAX_INPUT_LENGTH) >= MAX_INPUT_LENGTH) {
+    script_log("Trigger VNum %d: variable substitution line too long, ignoring.", GET_TRIG_VNUM(trig));
+    *buf = '\0';
+    return;
+  }
+
  /* skip out if no %'s */
  if (!strchr(line, '%')) {
    strcpy(buf, line);
Author	SHA1	Message	Date
copilot-swe-agent[bot]	ed5f6a81da	Fix stack buffer overflow in var_subst() (dg_variables.c) Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/5e320127-5bfa-499e-9776-e8a6cdd06bde Co-authored-by: welcor <357770+welcor@users.noreply.github.com>	2026-04-24 10:22:01 +00:00
copilot-swe-agent[bot]	a2e3c2481d	Initial plan	2026-04-24 10:17:15 +00:00