From 869ad3892a06b690ec616a8a41221562ab9d7db3 Mon Sep 17 00:00:00 2001
From: pizzahut2 <pizzahut2@users.noreply.github.com>
Date: Fri, 21 Nov 2025 15:40:29 +0100
Subject: [PATCH 1/2] Potential fix for "CHudTextMessage::LocaliseTextString"
 in "cl_dll/text_message.cpp"

This might solve https://github.com/ValveSoftware/halflife/issues/3956
---
 cl_dll/text_message.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cl_dll/text_message.cpp b/cl_dll/text_message.cpp
index 680ba251e..1338b1aa5 100644
--- a/cl_dll/text_message.cpp
+++ b/cl_dll/text_message.cpp
@@ -72,17 +72,17 @@ char *CHudTextMessage::LocaliseTextString( const char *msg, char *dst_buffer, in
 			}
 
 			// copy string into message over the msg name
-			for ( char *wsrc = (char*)clmsg->pMessage; *wsrc != 0; wsrc++, dst++ )
+			for ( char *wsrc = (char*)clmsg->pMessage; *wsrc != 0 && buffer_size > 0; wsrc++, dst++, buffer_size-- )
 			{
 				*dst = *wsrc;
 			}
-			*dst = 0;
+			if ( buffer_size >= 1 ) *dst = 0; // The buffer_size has already been decreased at this point, so 1 character left is sufficient. No else case is needed because for this case (end of buffer) null termination is ensured at the end of this function.
 		}
 		else
 		{
 			*dst = *src;
 			dst++, src++;
-			*dst = 0;
+			if ( buffer_size >= 2 ) *dst = 0; // This is the 2nd byte written. No else case is needed because for this case (end of buffer) null termination is ensured at the end of this function.
 		}
 	}
 

From 171713bf41a74a3019a4638d2dbabcb10d500b68 Mon Sep 17 00:00:00 2001
From: pizzahut2 <pizzahut2@users.noreply.github.com>
Date: Sun, 30 Nov 2025 13:48:05 +0100
Subject: [PATCH 2/2] Update text_message.cpp

More precise comments
---
 cl_dll/text_message.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cl_dll/text_message.cpp b/cl_dll/text_message.cpp
index 1338b1aa5..b0c8a097b 100644
--- a/cl_dll/text_message.cpp
+++ b/cl_dll/text_message.cpp
@@ -76,13 +76,13 @@ char *CHudTextMessage::LocaliseTextString( const char *msg, char *dst_buffer, in
 			{
 				*dst = *wsrc;
 			}
-			if ( buffer_size >= 1 ) *dst = 0; // The buffer_size has already been decreased at this point, so 1 character left is sufficient. No else case is needed because for this case (end of buffer) null termination is ensured at the end of this function.
+			if ( buffer_size >= 1 ) *dst = 0; // The buffer_size has already been decreased by the amount of data written, so 1 character left is sufficient. No else case is needed because for this case (end of buffer) zero termination is ensured at the end of this function.
 		}
 		else
 		{
 			*dst = *src;
 			dst++, src++;
-			if ( buffer_size >= 2 ) *dst = 0; // This is the 2nd byte written. No else case is needed because for this case (end of buffer) null termination is ensured at the end of this function.
+			if ( buffer_size >= 2 ) *dst = 0; // This is the 2nd byte written. No else case is needed because for this case (end of buffer) zero termination is ensured at the end of this function.
 		}
 	}