From 8eb3200286d523379295143ce3f44d77ce036d4b Mon Sep 17 00:00:00 2001 From: Simon Howard Date: Tue, 1 Apr 2014 20:43:45 -0400 Subject: Replace all snprintf() calls with M_snprintf(). The Windows API has an _snprintf function that is not the same as Unix's snprintf(): if the string is truncated then no trailing NUL character is appended. This makes the function unsafe. Define a replacement/wrapper called M_snprintf that works the same but always appends a trailing NUL, for safety on Windows and other OSes that behave like this. Do the same thing for vsnprintf(), and update HACKING to list snprintf/vsnprintf as forbidden functions. This fixes #375; thanks to Quasar for pointing out the different behavior of these functions. --- src/doom/am_map.c | 5 +++-- src/doom/d_main.c | 6 +++--- src/doom/g_game.c | 10 +++++----- src/doom/hu_stuff.c | 4 ++-- src/doom/p_saveg.c | 6 +++--- src/doom/s_sound.c | 3 ++- src/doom/st_stuff.c | 9 +++++---- 7 files changed, 23 insertions(+), 20 deletions(-) (limited to 'src/doom') diff --git a/src/doom/am_map.c b/src/doom/am_map.c index b7bfd3bd..d920823f 100644 --- a/src/doom/am_map.c +++ b/src/doom/am_map.c @@ -38,6 +38,7 @@ #include "m_cheat.h" #include "m_controls.h" +#include "m_misc.h" #include "i_system.h" // Needs access to LFB. @@ -689,8 +690,8 @@ AM_Responder } else if (key == key_map_mark) { - snprintf(buffer, sizeof(buffer), "%s %d", - DEH_String(AMSTR_MARKEDSPOT), markpointnum); + M_snprintf(buffer, sizeof(buffer), "%s %d", + DEH_String(AMSTR_MARKEDSPOT), markpointnum); plr->message = buffer; AM_addMark(); } diff --git a/src/doom/d_main.c b/src/doom/d_main.c index 0cdb83d4..2a4fe236 100644 --- a/src/doom/d_main.c +++ b/src/doom/d_main.c @@ -384,7 +384,7 @@ void D_BindVariables(void) { char buf[12]; - snprintf(buf, sizeof(buf), "chatmacro%i", i); + M_snprintf(buf, sizeof(buf), "chatmacro%i", i); M_BindVariable(buf, &chat_macros[i]); } } @@ -669,8 +669,8 @@ static char *GetGameName(char *gamename) gamename_size = strlen(deh_sub) + 10; gamename = Z_Malloc(gamename_size, PU_STATIC, 0); version = G_VanillaVersionCode(); - snprintf(gamename, gamename_size, deh_sub, - version / 100, version % 100); + M_snprintf(gamename, gamename_size, deh_sub, + version / 100, version % 100); while (gamename[0] != '\0' && isspace(gamename[0])) { diff --git a/src/doom/g_game.c b/src/doom/g_game.c index 034bb3ef..8dca36d9 100644 --- a/src/doom/g_game.c +++ b/src/doom/g_game.c @@ -915,8 +915,8 @@ void G_Ticker (void) { static char turbomessage[80]; extern char *player_names[4]; - snprintf(turbomessage, sizeof(turbomessage), - "%s is turbo!", player_names[i]); + M_snprintf(turbomessage, sizeof(turbomessage), + "%s is turbo!", player_names[i]); players[consoleplayer].message = turbomessage; turbodetected[i] = false; } @@ -1949,7 +1949,7 @@ void G_RecordDemo (char *name) usergame = false; demoname_size = strlen(name) + 5; demoname = Z_Malloc(demoname_size, PU_STATIC, NULL); - snprintf(demoname, demoname_size, "%s.lmp", name); + M_snprintf(demoname, demoname_size, "%s.lmp", name); maxsize = 0x20000; //! @@ -2076,8 +2076,8 @@ static char *DemoVersionDescription(int version) } else { - snprintf(resultbuf, sizeof(resultbuf), - "%i.%i (unknown)", version / 100, version % 100); + M_snprintf(resultbuf, sizeof(resultbuf), + "%i.%i (unknown)", version / 100, version % 100); return resultbuf; } } diff --git a/src/doom/hu_stuff.c b/src/doom/hu_stuff.c index 8ea3912e..dd72e63f 100644 --- a/src/doom/hu_stuff.c +++ b/src/doom/hu_stuff.c @@ -627,8 +627,8 @@ boolean HU_Responder(event_t *ev) // static unsigned char buf[20]; // DEBUG HU_queueChatChar(c); - // snprintf(buf, sizeof(buf), "KEY: %d => %d", ev->data1, c); - // plr->message = buf; + // M_snprintf(buf, sizeof(buf), "KEY: %d => %d", ev->data1, c); + // plr->message = buf; } if (c == KEY_ENTER) { diff --git a/src/doom/p_saveg.c b/src/doom/p_saveg.c index 5fa70fea..a2f954a3 100644 --- a/src/doom/p_saveg.c +++ b/src/doom/p_saveg.c @@ -79,7 +79,7 @@ char *P_SaveGameFile(int slot) } DEH_snprintf(basename, 32, SAVEGAMENAME "%d.dsg", slot); - snprintf(filename, filename_size, "%s%s", savegamedir, basename); + M_snprintf(filename, filename_size, "%s%s", savegamedir, basename); return filename; } @@ -1363,7 +1363,7 @@ void P_WriteSaveGameHeader(char *description) saveg_write8(0); memset(name, 0, sizeof(name)); - snprintf(name, sizeof(name), "version %i", G_VanillaVersionCode()); + M_snprintf(name, sizeof(name), "version %i", G_VanillaVersionCode()); for (i=0; ilumpnum) { - snprintf(namebuf, sizeof(namebuf), "d_%s", DEH_String(music->name)); + M_snprintf(namebuf, sizeof(namebuf), "d_%s", DEH_String(music->name)); music->lumpnum = W_GetNumForName(namebuf); } diff --git a/src/doom/st_stuff.c b/src/doom/st_stuff.c index b9d9aefd..d00eeba1 100644 --- a/src/doom/st_stuff.c +++ b/src/doom/st_stuff.c @@ -33,6 +33,7 @@ #include "i_system.h" #include "i_video.h" #include "z_zone.h" +#include "m_misc.h" #include "m_random.h" #include "w_wad.h" @@ -598,10 +599,10 @@ ST_Responder (event_t* ev) else if (cht_CheckCheat(&cheat_mypos, ev->data2)) { static char buf[ST_MSGWIDTH]; - snprintf(buf, sizeof(buf), "ang=0x%x;x,y=(0x%x,0x%x)", - players[consoleplayer].mo->angle, - players[consoleplayer].mo->x, - players[consoleplayer].mo->y); + M_snprintf(buf, sizeof(buf), "ang=0x%x;x,y=(0x%x,0x%x)", + players[consoleplayer].mo->angle, + players[consoleplayer].mo->x, + players[consoleplayer].mo->y); plyr->message = buf; } } -- cgit v1.2.3