From fd637339397511167ed3eb6a7c9ce781fff9db46 Mon Sep 17 00:00:00 2001
From: CanerKaraca23 <37447503+CanerKaraca23@users.noreply.github.com>
Date: Fri, 3 Apr 2026 20:18:45 +0000
Subject: [PATCH] fix(security): replace unsafe strcpy with RwTextureSetName
 and add null check in LicensePlate

This change addresses a potential buffer overflow by replacing the unsafe
`strcpy` function with the official RenderWare `RwTextureSetName` API.
Additionally, it adds a null check for `m_Plates[i]` to prevent crashes
if any texture fails to load.
---
 src/features/plate.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/features/plate.cpp b/src/features/plate.cpp
index 10ddc37c..a8e68748 100755
--- a/src/features/plate.cpp
+++ b/src/features/plate.cpp
@@ -75,10 +75,13 @@ bool __cdecl LicensePlate::CCustomCarPlateMgr_Initialise()
 
     for (int i = 0; i < ePlateType::TOTAL_SZ; i++)
     {
-        strcpy(m_Plates[i]->name, "carpback\0");
-        RwTextureSetAddressingU(m_Plates[i], rwFILTERMIPNEAREST);
-        RwTextureSetAddressingV(m_Plates[i], rwFILTERMIPNEAREST);
-        RwTextureSetFilterMode(m_Plates[i], rwFILTERLINEAR);
+        if (m_Plates[i])
+        {
+            RwTextureSetName(m_Plates[i], "carpback");
+            RwTextureSetAddressingU(m_Plates[i], rwFILTERMIPNEAREST);
+            RwTextureSetAddressingV(m_Plates[i], rwFILTERMIPNEAREST);
+            RwTextureSetFilterMode(m_Plates[i], rwFILTERLINEAR);
+        }
     }
     pCharsetLockedData = RwRasterLock(RwTextureGetRaster(pCharSetTex), 0, rwRASTERLOCKREAD);
     return pCharsetLockedData != 0;