Hi DOSBox developers,

I found a memory corruption bug in DOS_Shell::CMD_DELETE and DOS_Shell::CMD_DIR via the ExpandDot function. ExpandDot uses `strcpy` without a size limit and so the stack can be smashed.

https://github.com/Henne/dosbox-svn/blob/mast … l_cmds.cpp#L192

Indeed if you run the command DELETE <"A" 600ish times> you get a segfault.
The proposed fix is to use strncpy in ExpandDot with CROSS_LEN as the length.

Cheers,
Daniel