From 252f2f87b7cec904d50c2d4ffdb09bf7cd7a17d3 Mon Sep 17 00:00:00 2001
From: Allanis <allanis@saracraft.net>
Date: Mon, 19 May 2014 19:54:12 +0100
Subject: [PATCH] [Fix] Avoid possible out of bounds memory access.

---
 src/ai.c    | 4 +++-
 src/music.c | 4 +++-
 src/sound.c | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/ai.c b/src/ai.c
index 7cf0882..60bf261 100644
--- a/src/ai.c
+++ b/src/ai.c
@@ -389,7 +389,9 @@ int ai_init(void) {
   suflen = strlen(AI_SUFFIX);
   for(i = 0; i < nfiles; i++) {
     flen = strlen(files[i]);
-    if(strncmp(&files[i][flen-suflen], AI_SUFFIX, suflen)==0) {
+    if((flen > suflen) &&
+        strncmp(&files[i][flen-suflen], AI_SUFFIX, suflen)==0) {
+
       snprintf(path, PATH_MAX, AI_PREFIX"%s", files[i]);
       if(ai_loadProfile(path)) /* Load the profile. */
         WARN("Error loading AI profile '%s'", path);
diff --git a/src/music.c b/src/music.c
index 0ba7016..ed34dec 100644
--- a/src/music.c
+++ b/src/music.c
@@ -180,7 +180,9 @@ static int music_find(void) {
   suflen = strlen(MUSIC_SUFFIX);
   for(i = 0; i < nfiles; i++) {
     flen = strlen(files[i]);
-    if(strncmp(&files[i][flen - suflen], MUSIC_SUFFIX, suflen)==0) {
+    if((flen > suflen) &&
+        strncmp(&files[i][flen - suflen], MUSIC_SUFFIX, suflen)==0) {
+
       /* Grow the selection size. */
       nmusic_selection++;
       if(nmusic_selection > mem) {
diff --git a/src/sound.c b/src/sound.c
index f3976a3..0368b32 100644
--- a/src/sound.c
+++ b/src/sound.c
@@ -442,8 +442,8 @@ static int sound_makeList(void) {
   suflen = strlen(SOUND_SUFFIX);
   for(i = 0; i < nfiles; i++) {
     flen = strlen(files[i]);
-    if(strncmp(&files[i][flen - suflen],
-          SOUND_SUFFIX, suflen)==0) {
+    if((flen > suflen) &&
+        strncmp(&files[i][flen - suflen], SOUND_SUFFIX, suflen)==0) {
 
       /* Expand the selection size. */
       sound_nlist++;