From a9d9335b20a0b708fae1b978f70348aec998356a Mon Sep 17 00:00:00 2001 From: Simon Howard Date: Tue, 1 Apr 2014 21:49:16 -0400 Subject: textscreen: Use safe string functions. Define TXT_{StringCopy,StringConcat,snprintf,vsnprintf} as analogs of the m_misc.c versions so that the textscreen library does not need a dependency on the Doom code, and change all textscreen code to use these instead of unsafe functions. This fixes #372. --- textscreen/txt_sdl.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 63 insertions(+), 4 deletions(-) (limited to 'textscreen/txt_sdl.c') diff --git a/textscreen/txt_sdl.c b/textscreen/txt_sdl.c index 0fb8d722..860adfa6 100644 --- a/textscreen/txt_sdl.c +++ b/textscreen/txt_sdl.c @@ -751,7 +751,7 @@ static const char *SpecialKeyName(int key) } } -void TXT_GetKeyDescription(int key, char *buf) +void TXT_GetKeyDescription(int key, char *buf, size_t buf_len) { const char *keyname; @@ -759,15 +759,15 @@ void TXT_GetKeyDescription(int key, char *buf) if (keyname != NULL) { - strcpy(buf, keyname); + TXT_StringCopy(buf, keyname, buf_len); } else if (isprint(key)) { - sprintf(buf, "%c", toupper(key)); + TXT_snprintf(buf, buf_len, "%c", toupper(key)); } else { - sprintf(buf, "??%i", key); + TXT_snprintf(buf, buf_len, "??%i", key); } } @@ -870,3 +870,62 @@ void TXT_SDL_SetEventCallback(TxtSDLEventCallbackFunc callback, void *user_data) event_callback_data = user_data; } +// Safe string functions. + +void TXT_StringCopy(char *dest, const char *src, size_t dest_len) +{ + if (dest_len < 1) + { + return; + } + + dest[dest_len - 1] = '\0'; + strncpy(dest, src, dest_len - 1); +} + +void TXT_StringConcat(char *dest, const char *src, size_t dest_len) +{ + size_t offset; + + offset = strlen(dest); + if (offset > dest_len) + { + offset = dest_len; + } + + TXT_StringCopy(dest + offset, src, dest_len - offset); +} + +// On Windows, vsnprintf() is _vsnprintf(). +#ifdef _WIN32 +#if _MSC_VER < 1400 /* not needed for Visual Studio 2008 */ +#define vsnprintf _vsnprintf +#endif +#endif + +// Safe, portable vsnprintf(). +int TXT_vsnprintf(char *buf, size_t buf_len, const char *s, va_list args) +{ + if (buf_len < 1) + { + return 0; + } + + // Windows (and other OSes?) has a vsnprintf() that doesn't always + // append a trailing \0. So we must do it, and write into a buffer + // that is one byte shorter; otherwise this function is unsafe. + buf[buf_len - 1] = '\0'; + return vsnprintf(buf, buf_len - 1, s, args); +} + +// Safe, portable snprintf(). +int TXT_snprintf(char *buf, size_t buf_len, const char *s, ...) +{ + va_list args; + int result; + va_start(args, s); + result = TXT_vsnprintf(buf, buf_len, s, args); + va_end(args); + return result; +} + -- cgit v1.2.3