From 6e1725d4e5bb576ab3d906206d330b8f51268070 Mon Sep 17 00:00:00 2001
From: zicodxx <zicodxx@yahoo.de>
Date: Mon, 1 Nov 2010 17:47:26 +0100
Subject: [PATCH] Increased buffer for fname2 in load_briefing_screen,
 preventing buffer overflow in case replacement filenames are longer than
 DOS-style

---
 CHANGELOG.txt | 1 +
 main/titles.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index eb5b19928..82664a082 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -3,6 +3,7 @@ D1X-Rebirth Changelog
 20101101
 --------
 main/newmenu.c: In case listbox strings are too long for screen, fit box width to screen width, shorten strings and add a scroll effect to selected item
+main/titles.c: Increased buffer for fname2 in load_briefing_screen, preventing buffer overflow in case replacement filenames are longer than DOS-style
 
 20101030
 --------
diff --git a/main/titles.c b/main/titles.c
index 388c7eef7..c1595de9a 100644
--- a/main/titles.c
+++ b/main/titles.c
@@ -889,8 +889,8 @@ int load_briefing_screen(briefing *br, char *fname)
 
 	free_briefing_screen(br);
 
-	MALLOC(fname2, char, FILENAME_LEN);
-	snprintf(fname2, sizeof(char)*FILENAME_LEN, "%s", fname);
+	MALLOC(fname2, char, PATH_MAX);
+	snprintf(fname2, sizeof(char)*PATH_MAX, "%s", fname);
 	MALLOC(forigin, char, PATH_MAX);
 	snprintf(forigin, sizeof(char)*PATH_MAX, "%s", PHYSFS_getRealDir(fname));
 	strlwr(forigin);