From 8eb3200286d523379295143ce3f44d77ce036d4b Mon Sep 17 00:00:00 2001 From: Simon Howard Date: Tue, 1 Apr 2014 20:43:45 -0400 Subject: Replace all snprintf() calls with M_snprintf(). The Windows API has an _snprintf function that is not the same as Unix's snprintf(): if the string is truncated then no trailing NUL character is appended. This makes the function unsafe. Define a replacement/wrapper called M_snprintf that works the same but always appends a trailing NUL, for safety on Windows and other OSes that behave like this. Do the same thing for vsnprintf(), and update HACKING to list snprintf/vsnprintf as forbidden functions. This fixes #375; thanks to Quasar for pointing out the different behavior of these functions. --- src/strife/am_map.c | 5 +++-- src/strife/d_main.c | 6 +++--- src/strife/g_game.c | 16 ++++++++-------- src/strife/m_saves.c | 10 +++++----- src/strife/p_inter.c | 8 ++++---- src/strife/p_saveg.c | 7 ++++--- src/strife/p_user.c | 5 +++-- src/strife/s_sound.c | 2 +- src/strife/st_stuff.c | 11 ++++++----- 9 files changed, 37 insertions(+), 33 deletions(-) (limited to 'src/strife') diff --git a/src/strife/am_map.c b/src/strife/am_map.c index 05f8a519..b1336d20 100644 --- a/src/strife/am_map.c +++ b/src/strife/am_map.c @@ -32,6 +32,7 @@ #include "z_zone.h" #include "doomkeys.h" #include "doomdef.h" +#include "m_misc.h" #include "st_stuff.h" #include "p_local.h" #include "w_wad.h" @@ -670,8 +671,8 @@ AM_Responder } else if (key == key_map_mark) { - snprintf(buffer, sizeof(buffer), - "%s %d", DEH_String(AMSTR_MARKEDSPOT), markpointnum); + M_snprintf(buffer, sizeof(buffer), + "%s %d", DEH_String(AMSTR_MARKEDSPOT), markpointnum); plr->message = buffer; AM_addMark(); } diff --git a/src/strife/d_main.c b/src/strife/d_main.c index e419fd99..db5e40f2 100644 --- a/src/strife/d_main.c +++ b/src/strife/d_main.c @@ -461,7 +461,7 @@ void D_BindVariables(void) { char buf[12]; - snprintf(buf, sizeof(buf), "chatmacro%i", i); + M_snprintf(buf, sizeof(buf), "chatmacro%i", i); M_BindVariable(buf, &chat_macros[i]); } } @@ -792,8 +792,8 @@ static char *GetGameName(char *gamename) gamename_size = strlen(deh_sub) + 10; gamename = Z_Malloc(gamename_size, PU_STATIC, 0); - snprintf(gamename, gamename_size, deh_sub, - STRIFE_VERSION / 100, STRIFE_VERSION % 100); + M_snprintf(gamename, gamename_size, deh_sub, + STRIFE_VERSION / 100, STRIFE_VERSION % 100); while (gamename[0] != '\0' && isspace(gamename[0])) { diff --git a/src/strife/g_game.c b/src/strife/g_game.c index 23e0cef9..c67d7be1 100644 --- a/src/strife/g_game.c +++ b/src/strife/g_game.c @@ -985,8 +985,8 @@ void G_Ticker (void) { static char turbomessage[80]; extern char player_names[8][16]; - snprintf(turbomessage, sizeof(turbomessage), - "%s is turbo!", player_names[i]); + M_snprintf(turbomessage, sizeof(turbomessage), + "%s is turbo!", player_names[i]); players[consoleplayer].message = turbomessage; turbodetected[i] = false; } @@ -1290,7 +1290,7 @@ void G_LoadPath(int map) char mapbuf[33]; memset(mapbuf, 0, sizeof(mapbuf)); - snprintf(mapbuf, sizeof(mapbuf), "%d", map); + M_snprintf(mapbuf, sizeof(mapbuf), "%d", map); // haleyjd: free if already set, and use M_SafeFilePath if(loadpath) @@ -1805,7 +1805,7 @@ void G_DoSaveGame (char *path) // [STRIFE] custom save file path logic memset(gamemapstr, 0, sizeof(gamemapstr)); - snprintf(gamemapstr, sizeof(gamemapstr), "%d", gamemap); + M_snprintf(gamemapstr, sizeof(gamemapstr), "%d", gamemap); savegame_file = M_SafeFilePath(path, gamemapstr); // [STRIFE] write the "current" file, which tells which hub map @@ -1870,7 +1870,7 @@ void G_DoSaveGame (char *path) // [STRIFE]: custom message logic if(!strcmp(path, savepath)) { - snprintf(savename, sizeof(savename), "%s saved.", character_name); + M_snprintf(savename, sizeof(savename), "%s saved.", character_name); players[consoleplayer].message = savename; } @@ -2195,7 +2195,7 @@ void G_RecordDemo (char* name) usergame = false; demoname_size = strlen(name) + 5; demoname = Z_Malloc(demoname_size, PU_STATIC, NULL); - snprintf(demoname, demoname_size, "%s.lmp", name); + M_snprintf(demoname, demoname_size, "%s.lmp", name); maxsize = 0x20000; //! @@ -2290,8 +2290,8 @@ static char *DemoVersionDescription(int version) } // Unknown version. Who knows? - snprintf(resultbuf, sizeof(resultbuf), - "%i.%i (unknown)", version / 100, version % 100); + M_snprintf(resultbuf, sizeof(resultbuf), + "%i.%i (unknown)", version / 100, version % 100); return resultbuf; } diff --git a/src/strife/m_saves.c b/src/strife/m_saves.c index 4303dbe2..e4d5919f 100644 --- a/src/strife/m_saves.c +++ b/src/strife/m_saves.c @@ -222,7 +222,7 @@ void M_SaveMoveMapToHere(void) char tmpnum[33]; // haleyjd: no itoa available... - snprintf(tmpnum, sizeof(tmpnum), "%d", gamemap); + M_snprintf(tmpnum, sizeof(tmpnum), "%d", gamemap); // haleyjd: use M_SafeFilePath, not sprintf mapsave = M_SafeFilePath(savepath, tmpnum); @@ -251,7 +251,7 @@ void M_SaveMoveHereToMap(void) char tmpnum[33]; // haleyjd: no itoa available... - snprintf(tmpnum, sizeof(tmpnum), "%d", gamemap); + M_snprintf(tmpnum, sizeof(tmpnum), "%d", gamemap); mapsave = M_SafeFilePath(savepathtemp, tmpnum); heresave = M_SafeFilePath(savepathtemp, "here"); @@ -437,7 +437,7 @@ char *M_SafeFilePath(const char *basepath, const char *newcomponent) // that either basepath or newcomponent includes a redundant slash at the // end or beginning respectively. newstrlen = M_StringAlloc(&newstr, 3, 1, basepath, "/", newcomponent); - snprintf(newstr, newstrlen, "%s/%s", basepath, newcomponent); + M_snprintf(newstr, newstrlen, "%s/%s", basepath, newcomponent); M_NormalizeSlashes(newstr); return newstr; @@ -477,8 +477,8 @@ char *M_MakeStrifeSaveDir(int slotnum, const char *extra) { static char tmpbuffer[32]; - snprintf(tmpbuffer, sizeof(tmpbuffer), - "strfsav%d.ssg%s", slotnum, extra); + M_snprintf(tmpbuffer, sizeof(tmpbuffer), + "strfsav%d.ssg%s", slotnum, extra); return tmpbuffer; } diff --git a/src/strife/p_inter.c b/src/strife/p_inter.c index 00b0ef24..96594211 100644 --- a/src/strife/p_inter.c +++ b/src/strife/p_inter.c @@ -971,8 +971,8 @@ void P_KillMobj(mobj_t* source, mobj_t* target) EV_DoDoor(&junk, close); P_NoiseAlert(players[0].mo, players[0].mo); - snprintf(plrkilledmsg, sizeof(plrkilledmsg), - "%s", DEH_String("You're dead! You set off the alarm.")); + M_snprintf(plrkilledmsg, sizeof(plrkilledmsg), + "%s", DEH_String("You're dead! You set off the alarm.")); if(!deathmatch) players[consoleplayer].message = plrkilledmsg; @@ -1011,8 +1011,8 @@ void P_KillMobj(mobj_t* source, mobj_t* target) case MT_TOKEN_ALARM: P_NoiseAlert(players[0].mo, players[0].mo); - snprintf(plrkilledmsg, sizeof(plrkilledmsg), - "%s", DEH_String("You Fool! You've set off the alarm")); + M_snprintf(plrkilledmsg, sizeof(plrkilledmsg), + "%s", DEH_String("You Fool! You've set off the alarm")); if(!deathmatch) players[consoleplayer].message = plrkilledmsg; return; diff --git a/src/strife/p_saveg.c b/src/strife/p_saveg.c index 47fb7e8c..2f59c732 100644 --- a/src/strife/p_saveg.c +++ b/src/strife/p_saveg.c @@ -32,6 +32,7 @@ #include "deh_main.h" #include "i_system.h" #include "z_zone.h" +#include "m_misc.h" #include "p_local.h" #include "p_saveg.h" @@ -80,7 +81,7 @@ char *P_SaveGameFile(int slot) DEH_snprintf(basename, 32, SAVEGAMENAME "%d.dsg", slot); - snprintf(filename, filename_size, "%s%s", savegamedir, basename); + M_snprintf(filename, filename_size, "%s%s", savegamedir, basename); return filename; } @@ -1609,7 +1610,7 @@ void P_WriteSaveGameHeader(char *description) */ memset (name,0,sizeof(name)); - snprintf(name, sizeof(name), "ver %i", STRIFE_VERSION); + M_snprintf(name, sizeof(name), "ver %i", STRIFE_VERSION); for (i=0; imessage = useinventorymsg; if(player == &players[consoleplayer]) diff --git a/src/strife/s_sound.c b/src/strife/s_sound.c index 861586fe..fb1fc44f 100644 --- a/src/strife/s_sound.c +++ b/src/strife/s_sound.c @@ -788,7 +788,7 @@ void S_ChangeMusic(int musicnum, int looping) // get lumpnum if neccessary if (!music->lumpnum) { - snprintf(namebuf, sizeof(namebuf), "d_%s", DEH_String(music->name)); + M_snprintf(namebuf, sizeof(namebuf), "d_%s", DEH_String(music->name)); music->lumpnum = W_GetNumForName(namebuf); } diff --git a/src/strife/st_stuff.c b/src/strife/st_stuff.c index 34682093..dc6db608 100644 --- a/src/strife/st_stuff.c +++ b/src/strife/st_stuff.c @@ -54,6 +54,7 @@ #include "am_map.h" #include "m_cheat.h" #include "m_menu.h" // villsa [STRIFE] +#include "m_misc.h" #include "s_sound.h" @@ -663,11 +664,11 @@ boolean ST_Responder(event_t* ev) { // [STRIFE] 'GPS' for player position static char buf[ST_MSGWIDTH]; - snprintf(buf, sizeof(buf), - "ang=0x%x;x,y=(0x%x,0x%x)", - players[consoleplayer].mo->angle, - players[consoleplayer].mo->x, - players[consoleplayer].mo->y); + M_snprintf(buf, sizeof(buf), + "ang=0x%x;x,y=(0x%x,0x%x)", + players[consoleplayer].mo->angle, + players[consoleplayer].mo->x, + players[consoleplayer].mo->y); plyr->message = buf; } -- cgit v1.2.3