Subj : src/sbbs3/writemsg.cpp
To   : Git commit to main/sbbs/master
From : Rob Swindell (on Windows)
Date : Thu Apr 13 2023 06:45 pm

https://gitlab.synchro.net/main/sbbs/-/commit/ff3864002e9a51e98b1c83f5
Modified Files:
	src/sbbs3/writemsg.cpp
Log Message:
Bounds-check the buffer being written in msgeditor()

Replace the suspicious strcpy/strcat's in msgeditor(), the built-in line
editor, with bounds-enforced snprintf() calls.
Also, properly define MAX_LINE_LEN to account for the trailing \r\n on each
line. It appears we've been under allocating the total possible message buffer
size (by 2 bytes per line) for a while now.
These 2 changes together should fix issue #547: apparent heap corruption due
to 'buf' overflow in msgeditor().
Also added a line count check/cap-enforcement with logged error message if
exceeded (should never happen).

Also fixed in this commit: off-by-one when enforcing max message length in
msgeditor().

Also added checks that the 'cols' (used in MAX_LINE_LEN) are reasonable values
(40+), 2 was below the threshold of what would be expected to work since
there is logic that deducts 4 from cols, for example.

.