Prevent possible buffer overflow

getlin() gets at most a BUFSZ string from user; make the buf big
enough to hold that _and_ the query itself.

diff --git a/src/dungeon.c b/src/dungeon.c
index 8c436e1c8cb0e437e16d97b11d4201ebd81eddd8..43f4afab156091601e7a682ea1c84b584d6777a8 100644 (file)
--- a/src/dungeon.c
+++ b/src/dungeon.c
@@ -1868,9 +1868,10 @@ donamelevel()
     if (!(mptr = find_mapseen(&u.uz))) return 0;
 
     if (mptr->custom) {
-       char qbuf[BUFSZ];
-       Sprintf(qbuf, "Replace annotation \"%s\" with?", mptr->custom);
-       getlin(qbuf, nbuf);
+       const char querystr[] = "Replace annotation \"%s\" with?";
+       char tmpbuf[BUFSZ + sizeof(querystr)];
+       Sprintf(tmpbuf, querystr, mptr->custom);
+       getlin(tmpbuf, nbuf);
     } else
        getlin("What do you want to call this dungeon level?", nbuf);
     if (index(nbuf, '\033')) return 0;