From 1a16502a69c16878930ca740f33d292ea9ca976e Mon Sep 17 00:00:00 2001
From: "R. Timothy Edwards"
Date: Mon, 25 May 2026 14:39:12 -0400
Subject: [PATCH] Fixed a potential string overrun crash condition when doing "getnode", as there is no limit on the length of a hierarchical node name, and no check on the string length when copying back into a fixed-length character array.
---
 sim/SimDBstuff.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sim/SimDBstuff.c b/sim/SimDBstuff.c
index bc294f6d..8ae21aa4 100644
--- a/sim/SimDBstuff.c
+++ b/sim/SimDBstuff.c
@@ -93,7 +93,7 @@ SimConnectFunc(
 TileType loctype, ctype;
 TileType newdinfo = 0;
 int i, pNum;
- static char nodeName[256];
+ static char nodeName[MAXPATHNAME];
 CellDef *def;
 TerminalPath *tpath = cx->tc_filter->tf_tpath;
@@ -133,7 +133,8 @@ SimConnectFunc(
 char c = *n;
 SigDisableInterrupts();
- strcpy(nodeName, SimGetNodeName(cx->tc_scx, tile, dinfo, tpath->tp_first));
+ strncpy(nodeName, SimGetNodeName(cx->tc_scx, tile, dinfo, tpath->tp_first),
+ MAXPATHNAME);
 SigEnableInterrupts();
 *n = c;
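Review bot: The `strncpy` call added in the second hunk uses `MAXPATHNAME`, the full size of `nodeName`, as its bound, so a node name of `MAXPATHNAME` characters or more fills the array and leaves it without a terminating NUL. The write overrun is closed, but any later string read of `nodeName` can still run past the end of the array. Bound the copy one byte short and terminate explicitly: pass `sizeof(nodeName) - 1` as the third argument and follow the call with `nodeName[sizeof(nodeName) - 1] = '\0';`, which also ties the bound to the declaration changed in the first hunk. A truncated hierarchical name would then be used as if it were complete, so a warning or a comment at the copy stating that over-long names are cut may be worth adding. SimConnectFunc's body starts and ends outside both hunks, so how `nodeName` is consumed afterwards is not visible here.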