From ba8076b142b59a6a7a4e48089d6b8edc4f13aeda Mon Sep 17 00:00:00 2001
From: PatR
Date: Sat, 18 Jan 2025 18:04:09 -0800
Subject: [PATCH] static ananlyzer issue for alloc.c
Verifying that strlen(string) isn't too long, then allocating and copying strlen(string)+1 draws a complaint about strcpy() overflowing its output buffer. Not an issue for regular play, but could matter for config file and sysconf manipulation.
---
 src/alloc.c | 14 +++++++++++---
 win/share/tile2bmp.c | 4 +---
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/alloc.c b/src/alloc.c
index f8f89a952..72faa160b 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -1,4 +1,4 @@
-/* NetHack 3.7 alloc.c $NHDT-Date: 1706213795 2024/01/25 20:16:35 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.34 $ */
+/* NetHack 3.7 alloc.c $NHDT-Date: 1737281026 2025/01/19 02:03:46 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.38 $ */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /*-Copyright (c) Robert Patrick Rankin, 2012. */
 /* NetHack may be freely redistributed. See license for details. */
@@ -221,6 +221,10 @@ nhdupstr(const char *string, const char *file, int line)
 /* we've got some info about the caller, so use it instead of __func__ */
 unsigned len = FITSuint_(strlen(string), file, line);
+ if (FITSuint(len + 1, file, line) < len)
+ panic("nhdupstr: string length overflow, line %d of %s", line, file);
+
 return strcpy((char *) nhalloc(len + 1, file, line), string);
 }
 #undef dupstr
@@ -233,7 +237,11 @@ nhdupstr(const char *string, const char *file, int line)
 char *
 dupstr(const char *string)
 {
- unsigned len = FITSuint_(strlen(string), __func__, (int) __LINE__);
+ size_t len = strlen(string);
+
+ /* make sure len+1 doesn't overflow plain unsigned (for alloc()) */
+ if (len > (unsigned) (~0U - 1U))
+ panic("dupstr: string length overflow");
 return strcpy((char *) alloc(len + 1), string);
 }
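Review bot: The new guard in nhdupstr calls `FITSuint(len + 1, file, line)` while the line just above it calls `FITSuint_(strlen(string), file, line)`; the three-argument prototype this same patch removes from tile2bmp.c is for `FITSuint_`, so if `FITSuint` is a one-argument wrapper around it, as the spelling suggests, this call will not expand as written and should be `FITSuint_(len + 1, file, line)` to match its neighbour. Either way the range check adds nothing here: `len` is `unsigned`, so `len + 1` has already wrapped to 0 when `len == ~0U`, and the panic is reached only through the `< len` comparison. A direct `if (len == ~0U)` states the condition without relying on the wrap, or keep the current form and annotate it, `/* len + 1 wraps to 0 when len == ~0U; catch that before nhalloc() */`. nhdupstr's signature and opening brace are outside the hunk.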
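Review bot: After the new guard, dupstr still hands `len + 1`, now a `size_t`, to `alloc()`, which the new comment says takes plain `unsigned`, so the narrowing happens implicitly at the call; an explicit `return strcpy((char *) alloc((unsigned) (len + 1)), string);` records that the guard is what makes the conversion safe and keeps `-Wconversion` builds quiet. In the limit expression the `(unsigned)` cast is redundant because `~0U - 1U` is already unsigned; `~0U - 1U` alone, or `UINT_MAX - 1U` if `<limits.h>` is in scope here, reads more directly. The old `FITSuint_(..., __func__, (int) __LINE__)` form also reported where an oversized string came from, which the bare panic message no longer does, though the "dupstr:" prefix partly covers that. dupstr_n in the next hunk caps its input at `LARGEST_INT` while dupstr now accepts up to `~0U - 1U`; if that difference is intentional, a one-line comment on the dupstr check would keep the next reader from "harmonising" the two.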
@@ -245,7 +253,7 @@ dupstr_n(const char *string, unsigned int *lenout)
 size_t len = strlen(string);
 if (len >= LARGEST_INT)
- panic("string too long");
+ panic("dupstr_n: string too long");
 *lenout = (unsigned int) len;
 return strcpy((char *) alloc(len + 1), string);
 }
diff --git a/win/share/tile2bmp.c b/win/share/tile2bmp.c
index 10561a2e7..4b7312aff 100644
--- a/win/share/tile2bmp.c
+++ b/win/share/tile2bmp.c
@@ -1,4 +1,4 @@
-/* NetHack 3.7 tile2bmp.c $NHDT-Date: 1596498340 2020/08/03 23:45:40 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.32 $ */
+/* NetHack 3.7 tile2bmp.c $NHDT-Date: 1737281026 2025/01/19 02:03:46 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.51 $ */
 /* Copyright (c) NetHack PC Development Team 1995 */
 /* NetHack may be freely redistributed. See license for details. */
@@ -60,8 +60,6 @@ lelong(int32_t x)
 #endif
 }
-unsigned FITSuint_(unsigned long long, const char *, int);
-
 #ifdef __GNUC__
 typedef struct tagBMIH {
 uint32_t biSize;