quake is littered with fscanf and as a certain comment inside the source points out its pure evil, so what can we do about it.
one way is changing things to use fgets and sscanf.
fgets to make sure the buffer doesnt overflow by checking buffersize.
or simply keep fscanf and do it like this.
say you have a buffer of size 10
fscanf (buffer, %9s, whatever); will newer overflow since the size is 9 + terminator = 10
you can also use sizeof(buffer) if youre not sure about its size (pointer or otherwise).
old members probably allready know this so look away