From b0ebe3b82cd2f579a6e68092fefd30b3a7860b5f Mon Sep 17 00:00:00 2001
From: Kp
Date: Sun, 9 Oct 2022 23:15:20 +0000
Subject: [PATCH] Tighten change_filename_extension handling of overflow

---
 common/misc/strutil.cpp | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/common/misc/strutil.cpp b/common/misc/strutil.cpp
index 7825da66c..4e787cef5 100644
--- a/common/misc/strutil.cpp
+++ b/common/misc/strutil.cpp
@@ -135,23 +135,17 @@ void removeext(const char *const filename, std::array &out)
 memcpy(out.data(), filename, copy_len);
 }
 
-
 //give a filename a new extension, won't append if strlen(dest) > 8 chars.
 void change_filename_extension(const std::span dest, const char *const src, const std::span ext)
 {
- char *p;
-
- strcpy(dest.data(), src);
- p = strrchr(dest.data(), '.');
- if (!p) {
- if (strlen(dest.data()) > FILENAME_LEN - 5)
- return; // a non-opened file is better than a bad memory access
-
- p = dest.data() + strlen(dest.data());
- *p = '.';
+ const char *const p = strrchr(src, '.');
+ const std::size_t src_dist_to_last_dot = p ? std::distance(src, p) : strlen(src);
+ if (src_dist_to_last_dot + 1 + ext.size() > dest.size())
+ {
+ dest.front() = 0;
+ return; // a non-opened file is better than a bad memory access
 }
-
- strcpy(p + 1, ext.data());
+ std::snprintf(dest.data(), dest.size(), "%.*s.%s", static_cast(src_dist_to_last_dot), src, ext.data());
 }
 
 splitpath_t d_splitpath(const char *name)
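Review bot: The `std::snprintf` call formats the extension with `%s` on `ext.data()`, which reads until a NUL, while the length guard above it counts `ext.size()`; the two only agree if the span always includes its terminator. The span's template arguments are not visible in this rendering, so that cannot be confirmed here: if a caller passes an extent without the NUL, the `%s` read runs past the span and the guard is one byte short, leaving `snprintf` to truncate the name silently. Bounding the read to the span closes the first gap, `"%.*s.%.*s"` with `static_cast<int>(ext.size()), ext.data()` as the extra arguments, and comparing the return value with `dest.size()` would catch truncation. Separately, `dest.front() = 0` is undefined for an empty `dest`, and the comment above the function still says "won't append if strlen(dest) > 8 chars" although the function now empties `dest` on overflow; something like `// give a filename a new extension; dest is set to "" if the result would not fit` would match.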