This patch was originally posted in the comments to SF#1652513, but I'm reposting it here, to avoid it being lost.
The Filefinder::find method uses an internal buffer of 512 chars which is strcpy'd to the destination buffer. Sometimes, however, the given destination buffer is only 256 bytes (proto_xboard.cc:1116, help.cc:201), so an overlong path can overflow the destination and cause a crash. This patch avoids the overflow, and properly returns failure when the result is truncutated. In addition, it changes Filefinder::find's semantic to be more like the str*cpy functions, since it is very similiar (copying a string based on the source to the pre-existing destination variable). The patch applies to CVS head.