DavidGriffith
commented
8 years ago This is going to need a lot of work. You used strcpy(), on user-supplied text. This is something that's a common source of exploits. Supplying a filename for a file that does not exist crashes the VM. I'm not sure I feel safe about what you're doing with f_setup.tmp_save_name.
I think there may be a few things that will need to be adjusted before this gets merged. These changes only take effect for the curses version. While dos and the sdl variants of these functions should not be broken.