From b5741da08e88e8dcc8da0a7669b92405b9862850 Mon Sep 17 00:00:00 2001
From: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Mon, 17 Jan 2022 15:35:59 +0100
Subject: [PATCH] fix overflow on script_dec (#2052)

---
 src/bifs/script_dec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bifs/script_dec.c b/src/bifs/script_dec.c
index 36265cf0fd..c4cb67c198 100644
--- a/src/bifs/script_dec.c
+++ b/src/bifs/script_dec.c
@@ -72,13 +72,13 @@ static void SFS_AddString(ScriptParser *parser, char *str)
 	char *new_str;
 	if (!str) return;
 	if (strlen(parser->string) + strlen(str) >= parser->length) {
-		parser->length += PARSER_STEP_ALLOC;
+		parser->length = strlen(parser->string) + strlen(str) + PARSER_STEP_ALLOC;
 		new_str = (char *)gf_malloc(sizeof(char)*parser->length);
 		strcpy(new_str, parser->string);
 		gf_free(parser->string);
 		parser->string = new_str;
 	}
-	strcat(parser->string, str);
+	strncat(parser->string, str, parser->length - strlen(parser->string) - 1);
 }
 
 static void SFS_AddInt(ScriptParser *parser, s32 val)