From cb8becb2d37c5ada6f35c953152ef725f8098e75 Mon Sep 17 00:00:00 2001 From: toaster Date: Thu, 22 Sep 2022 17:34:02 +0100 Subject: [PATCH] Enforce maximum length of 63 for map lumpname Also, in g_demo.c, use SKIPSTRING (instead of READSTRINGN into a discard buffer) --- src/dehacked.c | 11 ++++++++++- src/doomstat.h | 2 ++ src/g_demo.c | 16 +++++++--------- src/g_game.c | 6 +++--- 4 files changed, 22 insertions(+), 13 deletions(-) diff --git a/src/dehacked.c b/src/dehacked.c index e9ab537e9..eeb4acc69 100644 --- a/src/dehacked.c +++ b/src/dehacked.c @@ -382,7 +382,16 @@ static void DEH_LoadDehackedFile(MYFILE *f, boolean mainfile) } else if (fastcmp(word, "LEVEL")) { - readlevelheader(f, word2); + size_t len = strlen(word2); + if (len <= MAXMAPLUMPNAME-1) + { + readlevelheader(f, word2); + } + else + { + deh_warning("Map header's lumpname %s is too long (%d characters VS %d max)", word2, len, (MAXMAPLUMPNAME-1)); + ignorelines(f); + } } else if (fastcmp(word, "GAMETYPE")) { diff --git a/src/doomstat.h b/src/doomstat.h index 0ed88b1aa..b64385d33 100644 --- a/src/doomstat.h +++ b/src/doomstat.h @@ -364,6 +364,8 @@ typedef struct cupheader_s extern cupheader_t *kartcupheaders; // Start of cup linked list extern UINT16 numkartcupheaders; +#define MAXMAPLUMPNAME 64 // includes \0, for cleaner savedata + /** Map header information. */ typedef struct diff --git a/src/g_demo.c b/src/g_demo.c index c060762b5..27e42e541 100644 --- a/src/g_demo.c +++ b/src/g_demo.c @@ -1994,7 +1994,7 @@ void G_BeginRecording(void) // game data M_Memcpy(demo_p, "PLAY", 4); demo_p += 4; - WRITESTRINGN(demo_p, mapheaderinfo[gamemap-1]->lumpname, 255); + WRITESTRINGN(demo_p, mapheaderinfo[gamemap-1]->lumpname, MAXMAPLUMPNAME); M_Memcpy(demo_p, mapmd5, 16); demo_p += 16; WRITEUINT8(demo_p, demoflags); 
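Review bot: In the new `else` branch of the LEVEL case in DEH_LoadDehackedFile, `len` is a `size_t` but is formatted with `%d`. That is undefined behaviour where `size_t` is wider than `int`, and it can garble the warning for exactly the over-long input this check is meant to report. Cast at the call site, `deh_warning("Map header's lumpname %s is too long (%d characters VS %d max)", word2, (int)len, (MAXMAPLUMPNAME-1));`, or use a `size_t` conversion if the project's formatter supports one. The function body continues outside the hunk.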
@@ -2406,7 +2406,6 @@ UINT8 G_CmpDemoTime(char *oldname, char *newname) UINT16 s ATTRUNUSED; UINT8 aflags = 0; boolean uselaps = false; - char discard[255]; // load the new file FIL_DefaultExtension(newname, ".lmp"); @@ -2427,7 +2426,7 @@ UINT8 G_CmpDemoTime(char *oldname, char *newname) p += 16; // demo checksum I_Assert(!memcmp(p, "PLAY", 4)); p += 4; // PLAY - READSTRINGN(p, discard, sizeof(discard)); // gamemap + SKIPSTRING(p); // gamemap p += 16; // map md5 flags = READUINT8(p); // demoflags p++; // gametype @@ -2485,7 +2484,7 @@ UINT8 G_CmpDemoTime(char *oldname, char *newname) Z_Free(buffer); return UINT8_MAX; } p += 4; // "PLAY" - READSTRINGN(p, discard, sizeof(discard)); // gamemap + SKIPSTRING(p); // gamemap p += 16; // mapmd5 flags = READUINT8(p); p++; // gametype @@ -2704,7 +2703,7 @@ void G_DoPlayDemo(char *defdemoname) { UINT8 i, p; lumpnum_t l; - char skin[17],color[MAXCOLORNAME+1],follower[17],mapname[255],*n,*pdemoname; + char skin[17],color[MAXCOLORNAME+1],follower[17],mapname[MAXMAPLUMPNAME],*n,*pdemoname; UINT8 version,subversion; UINT32 randseed; char msg[1024]; @@ -3146,7 +3145,7 @@ void G_AddGhost(char *defdemoname) { INT32 i; lumpnum_t l; - char name[17],skin[17],color[MAXCOLORNAME+1],discard[255],*n,*pdemoname,md5[16]; + char name[17],skin[17],color[MAXCOLORNAME+1],*n,*pdemoname,md5[16]; demoghost *gh; UINT8 flags; UINT8 *buffer,*p; @@ -3235,7 +3234,7 @@ void G_AddGhost(char *defdemoname) } p += 4; // "PLAY" - READSTRINGN(p, discard, sizeof(discard)); // gamemap + SKIPSTRING(p); // gamemap p += 16; // mapmd5 (possibly check for consistency?) flags = READUINT8(p); @@ -3431,7 +3430,6 @@ void G_UpdateStaffGhostName(lumpnum_t l) UINT8 *buffer,*p; UINT16 ghostversion; UINT8 flags; - char discard[255]; buffer = p = W_CacheLumpNum(l, PU_CACHE); 
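Review bot: `SKIPSTRING(p); // gamemap` in G_CmpDemoTime replaces a read that stopped after at most 255 bytes with a skip that takes no length argument, so the parser position now depends entirely on the file containing a NUL. SKIPSTRING's definition is not in this diff; if it simply advances to the next NUL, a truncated or malformed demo lets `p` run past the loaded buffer before the following `p += 16` and `READUINT8(p)`. Check for a terminator within the remaining bytes before skipping, for example `if (!memchr(p, '\0', (size_t)(demo_end - p))) { /* reject the file */ }`, where `demo_end` is a placeholder for the end of the loaded lump. The same applies to the second G_CmpDemoTime hunk and to the G_AddGhost and G_UpdateStaffGhostName hunks; all of these functions continue outside their hunks.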
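Review bot: `mapname` in G_DoPlayDemo shrinks from 255 to `MAXMAPLUMPNAME` (64) bytes, but the code that fills it from the demo is outside this hunk, and the 63-character limit this commit adds is enforced only in the dehacked LEVEL path. Demo files are external input and may come from builds that wrote up to 255 bytes. Confirm that the read leaves room for the terminator, e.g. that it passes `sizeof(mapname)-1` if READSTRINGN stores a NUL after the last byte it reads (its definition is not shown here). Also confirm that an over-long name fails the load rather than being truncated and leaving `p` misaligned. The `char mapname[MAXMAPLUMPNAME];` change in G_LoadGameData has the same dependency for gamedata files.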
@@ -3465,7 +3463,7 @@ void G_UpdateStaffGhostName(lumpnum_t l) } p += 4; // "PLAY" - READSTRINGN(p, discard, sizeof(discard)); // gamemap + SKIPSTRING(p); // gamemap p += 16; // mapmd5 (possibly check for consistency?) flags = READUINT8(p); diff --git a/src/g_game.c b/src/g_game.c index 7d75245e1..cbd3f7db8 100644 --- a/src/g_game.c +++ b/src/g_game.c @@ -4227,7 +4227,7 @@ void G_LoadGameData(void) for (i = 0; i < numgamedatamapheaders; i++) { - char mapname[255]; + char mapname[MAXMAPLUMPNAME]; INT16 mapnum; tic_t rectime; tic_t reclap; @@ -4297,7 +4297,7 @@ void G_SaveGameData(void) return; // If never loaded (-nodata), don't save length = (4+4+4+1+(MAXEMBLEMS)+MAXEXTRAEMBLEMS+MAXUNLOCKABLES+MAXCONDITIONSETS+4+4); - length += nummapheaders * (255+1+4+4); + length += nummapheaders * (MAXMAPLUMPNAME+1+4+4); save_p = savebuffer = (UINT8 *)malloc(length); if (!save_p) @@ -4366,7 +4366,7 @@ void G_SaveGameData(void) for (i = 0; i < nummapheaders; i++) // nummapheaders * (255+1+4+4) { // For figuring out which header to assing it to on load - WRITESTRINGN(save_p, mapheaderinfo[i]->lumpname, 255); + WRITESTRINGN(save_p, mapheaderinfo[i]->lumpname, MAXMAPLUMPNAME); WRITEUINT8(save_p, (mapheaderinfo[i]->mapvisited & MV_MAX));
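Review bot: The size comment on the write loop in G_SaveGameData still reads `// nummapheaders * (255+1+4+4)` after the `length` computation in the -4297 hunk was changed to `MAXMAPLUMPNAME+1+4+4`. The comment is how a reader checks the loop's writes against the `malloc(length)` above, so it should be updated in the same commit to `// nummapheaders * (MAXMAPLUMPNAME+1+4+4)`. A short comment on the `length +=` line that names each term (lumpname, mapvisited and the two 4-byte fields) would make later format changes easier to audit; the meaning of the 4-byte fields is not visible in these hunks.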