From 77db9831e8797315c914ab15893c54e0bb458584 Mon Sep 17 00:00:00 2001
From: Graham Gower
Date: Sat, 11 May 2024 18:31:03 +0930
Subject: [PATCH 1/2] Fix buffer overrun for audio files with 8 char names
Closes #376.
---
 src/lips.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/lips.cc b/src/lips.cc
index 411c8b39..38b8ed22 100644
--- a/src/lips.cc
+++ b/src/lips.cc
@@ -1,5 +1,6 @@
 #include "lips.h"
+#include
 #include
 #include
@@ -71,7 +72,9 @@ static char _tmp_str[50];
 // 0x47AAC0
 static char* _lips_fix_string(const char* fileName, size_t length)
 {
+ assert(length < sizeof(_tmp_str));
 strncpy(_tmp_str, fileName, length);
+ _tmp_str[length] = '\0';
 return _tmp_str;
 }
@@ -261,7 +264,7 @@ int lipsLoad(const char* audioFileName, const char* headFileName)
 *sep = '\0';
 }
- strcpy(gLipsData.field_50, v60);
+ strncpy(gLipsData.field_50, v60, sizeof(gLipsData.field_50));
 strcat(path, _lips_fix_string(gLipsData.field_50, sizeof(gLipsData.field_50)));
 strcat(path, ".");
From 56ac678a4dd3d8e0faf79874855a1f94d15c5e94 Mon Sep 17 00:00:00 2001
From: Alexander Batalov
Date: Mon, 13 Jan 2025 19:58:00 +0300
Subject: [PATCH 2/2] Clarify lips_fix_string
---
 src/lips.cc | 34 ++++++++++++++++------------------
 src/lips.h | 2 +-
 2 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/src/lips.cc b/src/lips.cc
index 38b8ed22..6b640a55 100644
--- a/src/lips.cc
+++ b/src/lips.cc
@@ -1,6 +1,5 @@
 #include "lips.h"
-#include
 #include
 #include
@@ -16,7 +15,7 @@ namespace fallout {
-static char* _lips_fix_string(const char* fileName, size_t length);
+static char* lips_fix_string(const char* fileName, size_t length);
 static int lipsReadV1(LipsData* a1, File* stream);
 static int _lips_make_speech();
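Review bot: The bound on `length` in `_lips_fix_string` is enforced only by `assert(length < sizeof(_tmp_str))`, which is compiled out when NDEBUG is defined, so a release build would still execute `_tmp_str[length] = '\0'` with an unchecked index. The callers visible in this series pass `sizeof(gLipsData.field_50)`, so the write is in range today, but a clamp such as `if (length >= sizeof(_tmp_str)) length = sizeof(_tmp_str) - 1;` before the `strncpy` would keep both the copy and the terminator inside the 50-byte buffer in every build. PATCH 2/2 removes the assert again in its `@@ -66,16 +65,15 @@` hunk, which leaves no check at all, so the same clamp applies there.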
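Review bot: After the new `strncpy(gLipsData.field_50, v60, sizeof(gLipsData.field_50));` the field holds no terminator whenever `v60` is eight characters or longer, and longer names are cut to eight characters without any report. That is safe for `_lips_fix_string`, which takes an explicit length, but any reader that treats `field_50` as a C string would run past it into the following fields; whether such a reader exists cannot be told from this hunk. A comment on the line would record the contract, for example `// field_50 is a fixed 8-byte field, not NUL-terminated at full length; read it only through _lips_fix_string()`. The `strcat` calls into `path` just below are unbounded as well, and `path` is declared outside the hunk, so its capacity should be confirmed against the longest directory, name and extension. lipsLoad starts and ends outside the hunk.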
@@ -66,16 +65,15 @@ static int _speechStartTime = 0;
 // 0x613CA0
 static char _lips_subdir_name[14];
-// 0x613CAE
-static char _tmp_str[50];
-
 // 0x47AAC0
-static char* _lips_fix_string(const char* fileName, size_t length)
+static char* lips_fix_string(const char* fileName, size_t length)
 {
- assert(length < sizeof(_tmp_str));
- strncpy(_tmp_str, fileName, length);
- _tmp_str[length] = '\0';
- return _tmp_str;
+ // 0x613CAE
+ static char tmp_str[50];
+
+ strncpy(tmp_str, fileName, length);
+ tmp_str[length] = '\0';
+ return tmp_str;
 }
 // 0x47AAD8
@@ -215,7 +213,7 @@ static int lipsReadV1(LipsData* lipsData, File* stream)
 if (fileReadInt32(stream, &(lipsData->field_44)) == -1) return -1;
 if (fileReadInt32(stream, &(lipsData->field_48)) == -1) return -1;
 if (fileReadInt32(stream, &(lipsData->field_4C)) == -1) return -1;
- if (fileReadFixedLengthString(stream, lipsData->field_50, 8) == -1) return -1;
+ if (fileReadFixedLengthString(stream, lipsData->file_name, 8) == -1) return -1;
 if (fileReadFixedLengthString(stream, lipsData->field_58, 4) == -1) return -1;
 if (fileReadFixedLengthString(stream, lipsData->field_5C, 4) == -1) return -1;
 if (fileReadFixedLengthString(stream, lipsData->field_60, 4) == -1) return -1;
@@ -238,7 +236,7 @@ int lipsLoad(const char* audioFileName, const char* headFileName)
 {
 char* sep;
 int i;
- char v60[16];
+ char audioBaseName[16];
 SpeechMarker* speech_marker;
 SpeechMarker* prev_speech_marker;
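Review bot: `lips_fix_string` carries only the address comment `// 0x47AAC0`, so its contract is still undocumented, and with the assert removed in this hunk the bound on `length` is now purely the caller's responsibility. I would add above the function `// Copies at most length bytes of fileName (need not be NUL-terminated) into a static 50-byte buffer and terminates it; length must be below 50, and the returned pointer is overwritten by the next call.` Both call sites in this patch pass `sizeof(gLipsData.file_name)`, which the lips.h hunk declares as 8, so the current uses satisfy that.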
@@ -257,16 +255,16 @@ int lipsLoad(const char* audioFileName, const char* headFileName)
 *sep = '\0';
 }
- strcpy(v60, audioFileName);
+ strcpy(audioBaseName, audioFileName);
- sep = strchr(v60, '.');
+ sep = strchr(audioBaseName, '.');
 if (sep != nullptr) {
 *sep = '\0';
 }
- strncpy(gLipsData.field_50, v60, sizeof(gLipsData.field_50));
+ strncpy(gLipsData.file_name, audioBaseName, sizeof(gLipsData.file_name));
- strcat(path, _lips_fix_string(gLipsData.field_50, sizeof(gLipsData.field_50)));
+ strcat(path, lips_fix_string(gLipsData.file_name, sizeof(gLipsData.file_name)));
 strcat(path, ".");
 strcat(path, gLipsData.field_60);
@@ -299,7 +297,7 @@ int lipsLoad(const char* audioFileName, const char* headFileName)
 if (fileReadInt32(stream, &(gLipsData.field_24)) == -1) return -1;
 if (fileReadInt32(stream, &(gLipsData.field_28)) == -1) return -1;
 if (fileReadInt32(stream, &(gLipsData.field_2C)) == -1) return -1;
- if (fileReadFixedLengthString(stream, gLipsData.field_50, 8) == -1) return -1;
+ if (fileReadFixedLengthString(stream, gLipsData.file_name, 8) == -1) return -1;
 if (fileReadFixedLengthString(stream, gLipsData.field_58, 4) == -1) return -1;
 } else {
 debugPrint("\nError: Lips file WRONG version: %s!", path);
@@ -408,7 +406,7 @@ static int _lips_make_speech()
 }
 char path[COMPAT_MAX_PATH];
- char* v1 = _lips_fix_string(gLipsData.field_50, sizeof(gLipsData.field_50));
+ char* v1 = lips_fix_string(gLipsData.file_name, sizeof(gLipsData.file_name));
 snprintf(path, sizeof(path), "%s%s\\%s.%s", "SOUND\\SPEECH\\", _lips_subdir_name, v1, "ACM");
 if (gLipsData.sound != nullptr) {
diff --git a/src/lips.h b/src/lips.h
index 99552f77..dd69ffe9 100644
--- a/src/lips.h
+++ b/src/lips.h
@@ -40,7 +40,7 @@ typedef struct LipsData {
 int field_44;
 int field_48;
 int field_4C;
- char field_50[8];
+ char file_name[8];
 char field_58[4];
 char field_5C[4];
 char field_60[4];
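Review bot: `strcpy(audioBaseName, audioFileName);` in the `@@ -257,16 +255,16 @@` hunk copies a caller-supplied name into the 16-byte `audioBaseName` declared in the previous hunk with no length check, so a name of 16 characters or more writes past the stack buffer. No check on the length of `audioFileName` is visible in the lipsLoad hunks shown here, so unless one exists elsewhere the copy should be bounded, for example `snprintf(audioBaseName, sizeof(audioBaseName), "%s", audioFileName);`, using the `snprintf` this file already calls in `_lips_make_speech`. As far as the visible lines show, truncation would be harmless because only the first eight characters reach `gLipsData.file_name`. lipsLoad begins and ends outside the hunk.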