If you open and close the system menu several times then try to reopen it, the line x = strchr( resolutions[r], 'x' ) + 1; can/will be a null pointer and thus the following line of Q_strncpyz( str, resolutions[r], x-resolutions[r] ); results in a destsize being < 1.
Created attachment 2794[details]
Fix for overflowing memory in GraphicsOptions_GetAspectRatios
This patch goes to my quake3++ friend/owner, Roughael.
Why code was broken/needed fixing:
"After the ratios had been calculated, some ratios would have been replaced with known ratios.
this would modify the original ratioBuf value. So the next time GraphicsOptions_GetAspectRatios was called and a ratio was calculated,
it would check if the ratio was already in the list, but it couldn't find it, since it had been replaced by the known ratio.
When this happened a few times, it would overflow ratioBuf by going beyond MAX_RESOLUTIONS, writing into other memory"
Created attachment 2794 [details] Fix for overflowing memory in GraphicsOptions_GetAspectRatios This patch goes to my quake3++ friend/owner, Roughael. Why code was broken/needed fixing: "After the ratios had been calculated, some ratios would have been replaced with known ratios. this would modify the original ratioBuf value. So the next time GraphicsOptions_GetAspectRatios was called and a ratio was calculated, it would check if the ratio was already in the list, but it couldn't find it, since it had been replaced by the known ratio. When this happened a few times, it would overflow ratioBuf by going beyond MAX_RESOLUTIONS, writing into other memory"