load_ratings: check for truncation

author: Markus Uhlin <markus@nifty-networks.net> 2026-03-11 12:09:58 +0100
committer: Markus Uhlin <markus@nifty-networks.net> 2026-03-11 12:09:58 +0100
commit: 5336b9e28f7887cb0e6f0053a3c347402150d5fd (patch)
tree: f8b0ab7db6ae253ddf1c4124fea7c9a20cfce40c
parent: 7c8bc15f72b5d73003ee1a931212088bc7d072ff (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/FICS/ratings.c b/FICS/ratings.c
index d1d10d8..862fdd4 100644
--- a/FICS/ratings.c
+++ b/FICS/ratings.c
@@ -58,6 +58,7 @@
 #include "ficsmain.h"
 #include "gamedb.h"
 #include "lists.h"
+#include "maxxes-utils.h"
 #include "playerdb.h"
 #include "ratings.h"
 #include "utils.h"
@@ -339,9 +340,14 @@ load_ratings(void)
 {
 	FILE	*fp;
 	char	 fname[MAX_FILENAME_SIZE] = { '\0' };
+	int	 ret;
 
-	snprintf(fname, sizeof fname, "%s/newratingsV%d_data", stats_dir,
+	ret = snprintf(fname, sizeof fname, "%s/newratingsV%d_data", stats_dir,
 	    STATS_VERSION);
+	if (is_too_long(ret, sizeof fname)) {
+		warnx("%s: too long filename", __func__);
+		return;
+	}
 
 	if ((fp = fopen(fname, "r")) == NULL) {
 		warn("%s: can't read ratings data", __func__);
@@ -363,8 +369,6 @@ load_ratings(void)
 	}
 
 	for (int i = 0; i < MAXHIST && !feof(fp) && !ferror(fp); i++) {
-		int ret;
-
 		sHist[i] = bHist[i] = wHist[i] = lHist[i] = 0;
 
 		ret = fscanf(fp, "%d %d %d %d", &sHist[i], &bHist[i], &wHist[i],
author	Markus Uhlin <markus@nifty-networks.net>	2026-03-11 12:09:58 +0100
committer	Markus Uhlin <markus@nifty-networks.net>	2026-03-11 12:09:58 +0100
commit	5336b9e28f7887cb0e6f0053a3c347402150d5fd (patch)
tree	f8b0ab7db6ae253ddf1c4124fea7c9a20cfce40c
parent	7c8bc15f72b5d73003ee1a931212088bc7d072ff (diff)