From a9d9335b20a0b708fae1b978f70348aec998356a Mon Sep 17 00:00:00 2001 From: Simon Howard Date: Tue, 1 Apr 2014 21:49:16 -0400 Subject: textscreen: Use safe string functions. Define TXT_{StringCopy,StringConcat,snprintf,vsnprintf} as analogs of the m_misc.c versions so that the textscreen library does not need a dependency on the Doom code, and change all textscreen code to use these instead of unsafe functions. This fixes #372. --- textscreen/txt_fileselect.c | 49 +++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 20 deletions(-) (limited to 'textscreen/txt_fileselect.c') diff --git a/textscreen/txt_fileselect.c b/textscreen/txt_fileselect.c index 0ef404b4..cec21937 100644 --- a/textscreen/txt_fileselect.c +++ b/textscreen/txt_fileselect.c @@ -217,6 +217,7 @@ static char *GenerateFilterString(char **extensions) unsigned int result_len = 1; unsigned int i; char *result, *out; + size_t out_len, offset; if (extensions == NULL) { @@ -229,15 +230,18 @@ static char *GenerateFilterString(char **extensions) } result = malloc(result_len); - out = result; + out = result; out_len = result_len; for (i = 0; extensions[i] != NULL; ++i) { // .wad files (*.wad)\0 - out += 1 + sprintf(out, "%s files (*.%s)", - extensions[i], extensions[i]); + offset = TXT_snprintf(out, out_len, "%s files (*.%s)", + extensions[i], extensions[i]); + out += offset + 1; out_len -= offset + 1; + // *.wad\0 - out += 1 + sprintf(out, "*.%s", extensions[i]); + offset = TXT_snprintf(out, out_len, "*.%s", extensions[i]); + out_len += offset + 1; out_len -= offset + 1; } *out = '\0'; @@ -378,19 +382,19 @@ static char *ExtensionsList(char **extensions) } result = malloc(result_len); - strcpy(result, "{"); + TXT_StringCopy(result, "{", result_len); for (i = 0; extensions[i] != NULL; ++i) { escaped = EscapedString(extensions[i]); - strcat(result, escaped); + TXT_StringConcat(result, escaped, result_len); free(escaped); if (extensions[i + 1] != NULL) - strcat(result, ","); + TXT_StringConcat(result, ",", result_len); } - strcat(result, "}"); + TXT_StringConcat(result, "}", result_len); return result; } @@ -427,19 +431,19 @@ static char *GenerateSelector(char *window_title, char **extensions) result = malloc(result_len); - strcpy(result, chooser); + TXT_StringCopy(result, chooser, result_len); if (window_title != NULL) { - strcat(result, " with prompt "); - strcat(result, window_title); + TXT_StringConcat(result, " with prompt ", result_len); + TXT_StringConcat(result, window_title, result_len); free(window_title); } if (ext_list != NULL) { - strcat(result, "of type "); - strcat(result, ext_list); + TXT_StringConcat(result, "of type ", result_len); + TXT_StringConcat(result, ext_list, result_len); free(ext_list); } @@ -449,11 +453,13 @@ static char *GenerateSelector(char *window_title, char **extensions) static char *GenerateAppleScript(char *window_title, char **extensions) { char *selector, *result; + size_t result_len; selector = GenerateSelector(window_title, extensions); - result = malloc(strlen(APPLESCRIPT_WRAPPER) + strlen(selector)); - sprintf(result, APPLESCRIPT_WRAPPER, selector); + result_len = strlen(APPLESCRIPT_WRAPPER) + strlen(selector); + result = malloc(result_len); + TXT_snprintf(result, result_len, APPLESCRIPT_WRAPPER, selector); free(selector); return result; @@ -515,6 +521,7 @@ int TXT_CanSelectFiles(void) char *TXT_SelectFile(char *window_title, char **extensions) { unsigned int i; + size_t len; char *result; char **argv; int argc; @@ -531,8 +538,9 @@ char *TXT_SelectFile(char *window_title, char **extensions) if (window_title != NULL) { - argv[argc] = malloc(10 + strlen(window_title)); - sprintf(argv[argc], "--title=%s", window_title); + len = 10 + strlen(window_title); + argv[argc] = malloc(len); + TXT_snprintf(argv[argc], len, "--title=%s", window_title); ++argc; } @@ -545,9 +553,10 @@ char *TXT_SelectFile(char *window_title, char **extensions) { for (i = 0; extensions[i] != NULL; ++i) { - argv[argc] = malloc(30 + strlen(extensions[i]) * 2); - sprintf(argv[argc], "--file-filter=.%s | *.%s", - extensions[i], extensions[i]); + len = 30 + strlen(extensions[i]) * 2; + argv[argc] = malloc(len); + TXT_snprintf(argv[argc], len, "--file-filter=.%s | *.%s", + extensions[i], extensions[i]); ++argc; } } -- cgit v1.2.3