package-update/games/bsd-games/CVE-2006-1539.patch

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../bsd-games/CVE-2006-1539.patch
# Copyright (C) 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---

diff -Nur bsd-games-2.17-orig/tetris/scores.c bsd-games-2.17/tetris/scores.c
--- bsd-games-2.17-orig/tetris/scores.c	2004-01-27 20:52:07.000000000 +0000
+++ bsd-games-2.17/tetris/scores.c	2006-06-02 11:14:21.000000000 +0000
@@ -335,7 +335,8 @@
 				continue;
 			}
 		}
-		levelfound[sp->hs_level] = 1;
+        if (sp->hs_level < NLEVELS && sp->hs_level >= 0)
+    		levelfound[sp->hs_level] = 1;
 		i++, sp++;
 	}
 	return (num > MAXHISCORES ? MAXHISCORES : num);
@@ -374,12 +375,14 @@
 	for (i = MINLEVEL; i < NLEVELS; i++)
 		levelfound[i] = 0;
 	for (i = 0, sp = scores; i < nscores; i++, sp++) {
-		if (levelfound[sp->hs_level])
-			sp->hs_time = 0;
-		else {
-			sp->hs_time = 1;
-			levelfound[sp->hs_level] = 1;
-		}
+        if (sp->hs_level < NLEVELS && sp->hs_level >= 0) {
+    		if (levelfound[sp->hs_level])
+	    		sp->hs_time = 0;
+		    else {
+			    sp->hs_time = 1;
+		    	levelfound[sp->hs_level] = 1;
+		    }
+        }
 	}
 
 	/*
@@ -433,7 +436,7 @@
 				continue;
 			}
 			sp = &hs[item];
-			(void)sprintf(buf,
+			(void)snprintf(buf, sizeof(buf),
 			    "%3d%c %6d  %-11s (%6d on %d)",
 			    item + offset, sp->hs_time ? '*' : ' ',
 			    sp->hs_score * sp->hs_level,