From d10bb2013313f025057899de4b4df563cf11ed7b Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Thu, 18 Jul 2024 01:42:26 +0200
Subject: RemoveHistGame: check the return of fgets() and sscanf()

---
 FICS/gamedb.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/FICS/gamedb.c b/FICS/gamedb.c
index 2c4511b..4f58ddf 100644
--- a/FICS/gamedb.c
+++ b/FICS/gamedb.c
@@ -1543,17 +1543,26 @@ RemoveHistGame(char *file, int maxlines)
 {
 	FILE		*fp;
 	char		 GameFile[MAX_FILENAME_SIZE] = { '\0' };
-	char		 Opponent[MAX_LOGIN_NAME] = { '\0' };
+	char		 Opponent[MAX_LOGIN_NAME + 1] = { '\0' };
 	char		 line[MAX_LINE_SIZE] = { '\0' };
 	int		 count = 0;
 	long int	 When, oppWhen;
 
-	if ((fp = fopen(file, "r")) == NULL)
+	_Static_assert(20 < ARRAY_SIZE(Opponent));
+
+	if ((fp = fopen(file, "r")) == NULL) {
+		return;
+	} else if (fgets(line, ARRAY_SIZE(line), fp) == NULL) {
+		warnx("%s: fgets error (file: %s)", __func__, file);
+		fclose(fp);
 		return;
+	} else if (sscanf(line, "%*d %*c %*d %*c %*d %20s %*s %*d %*d %*d "
+	    "%*d %*s %*s %ld", Opponent, &When) != 2) {
+		warnx("%s: unexpected initial line (file: %s)", __func__, file);
+		fclose(fp);
+		return;
+	}
 
-	fgets(line, ARRAY_SIZE(line), fp);
-	sscanf(line, "%*d %*c %*d %*c %*d %s %*s %*d %*d %*d %*d %*s %*s %ld",
-	    Opponent, &When);
 	count++;
 
 	while (!feof(fp)) {
-- 
cgit v1.2.3