CINE: Avoid possible string buffer overrun by using strlcpy and strlcat

author: Strangerke 2014-03-16 14:24:45 +0100
committer: Strangerke 2014-03-16 14:24:45 +0100
commit: 95728f48904ad20f0a36b33d0bd30e4bccc9fa21 (patch)
tree: 257c8d92a1c7779c3328882c2b28f46b012adcf4
parent: 8f6971ae61559cefae92efc6feca4a4373a35b55 (diff)
download: scummvm-rg350-95728f48904ad20f0a36b33d0bd30e4bccc9fa21.tar.gz
scummvm-rg350-95728f48904ad20f0a36b33d0bd30e4bccc9fa21.tar.bz2
scummvm-rg350-95728f48904ad20f0a36b33d0bd30e4bccc9fa21.zip
7 files changed, 14 insertions, 14 deletions
diff --git a/engines/cine/anim.cpp b/engines/cine/anim.cpp
index f47b33bf16..c6099447d8 100644
--- a/engines/cine/anim.cpp
+++ b/engines/cine/anim.cpp
@@ -287,7 +287,7 @@ void AnimData::load(byte *d, int type, uint16 w, uint16 h, int16 file,
 	_fileIdx = file;
 	_frameIdx = frame;
 	memset(_name, 0, sizeof(_name));
-	strcpy(_name, n);
+	Common::strlcpy(_name, n, sizeof(_name));
 	_realWidth = w;
 
 	switch (type) {
diff --git a/engines/cine/bg.cpp b/engines/cine/bg.cpp
index 3b80a9c037..ce808e0f6a 100644
--- a/engines/cine/bg.cpp
+++ b/engines/cine/bg.cpp
@@ -48,7 +48,7 @@ byte loadCtFW(const char *ctName) {
 	}
 
 	if (currentCtName != ctName)
-		strcpy(currentCtName, ctName);
+		Common::strlcpy(currentCtName, ctName, sizeof(currentCtName));
 
 	ptr = dataPtr = readBundleFile(foundFileIdx);
 
@@ -75,7 +75,7 @@ byte loadCtOS(const char *ctName) {
 	}
 
 	if (currentCtName != ctName)
-		strcpy(currentCtName, ctName);
+		Common::strlcpy(currentCtName, ctName, sizeof(currentCtName));
 
 	ptr = dataPtr = readBundleFile(foundFileIdx);
 
diff --git a/engines/cine/gfx.cpp b/engines/cine/gfx.cpp
index ab83594054..f6419ecafc 100644
--- a/engines/cine/gfx.cpp
+++ b/engines/cine/gfx.cpp
@@ -730,7 +730,7 @@ void FWRenderer::loadBg16(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_background);
 
-	strcpy(_bgName, name);
+	Common::strlcpy(_bgName, name, sizeof(_bgName));
 
 	// Load the 16 color palette
 	_backupPal.load(bg, kLowPalNumBytes, kLowPalFormat, kLowPalNumColors, CINE_BIG_ENDIAN);
@@ -1403,7 +1403,7 @@ void OSRenderer::loadBg16(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_bgTable[idx].bg);
 
-	strcpy(_bgTable[idx].name, name);
+	Common::strlcpy(_bgTable[idx].name, name, sizeof(_bgTable[idx].name));
 
 	// Load the 16 color palette
 	_bgTable[idx].pal.load(bg, kLowPalNumBytes, kLowPalFormat, kLowPalNumColors, CINE_BIG_ENDIAN);
@@ -1441,7 +1441,7 @@ void OSRenderer::loadBg256(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_bgTable[idx].bg);
 
-	strcpy(_bgTable[idx].name, name);
+	Common::strlcpy(_bgTable[idx].name, name, sizeof(_bgTable[idx].name));
 	_bgTable[idx].pal.load(bg, kHighPalNumBytes, kHighPalFormat, kHighPalNumColors, CINE_LITTLE_ENDIAN);
 	memcpy(_bgTable[idx].bg, bg + kHighPalNumBytes, _screenSize);
 }
diff --git a/engines/cine/pal.cpp b/engines/cine/pal.cpp
index a1d9b49133..f3985c691e 100644
--- a/engines/cine/pal.cpp
+++ b/engines/cine/pal.cpp
@@ -62,9 +62,9 @@ int16 findPaletteFromName(const char *fileName) {
 	uint16 position = 0;
 	uint16 i;
 
-	strcpy(buffer, fileName);
+	Common::strlcpy(buffer, fileName, sizeof(buffer));
 
-	while (position < strlen(fileName)) {
+	while (position < strlen(buffer)) {
 		if (buffer[position] > 'a' && buffer[position] < 'z') {
 			buffer[position] += 'A' - 'a';
 		}
diff --git a/engines/cine/part.cpp b/engines/cine/part.cpp
index c55972bf56..30d9461a6a 100644
--- a/engines/cine/part.cpp
+++ b/engines/cine/part.cpp
@@ -47,7 +47,7 @@ void loadPart(const char *partName) {
 	g_cine->_partFileHandle.readUint16BE(); // entry size
 
 	if (currentPartName != partName)
-		strcpy(currentPartName, partName);
+		Common::strlcpy(currentPartName, partName, sizeof(currentPartName));
 
 	for (uint16 i = 0; i < g_cine->_partBuffer.size(); i++) {
 		g_cine->_partFileHandle.read(g_cine->_partBuffer[i].partName, 14);
diff --git a/engines/cine/script_fw.cpp b/engines/cine/script_fw.cpp
index c02868d5b0..c0b0c1f5da 100644
--- a/engines/cine/script_fw.cpp
+++ b/engines/cine/script_fw.cpp
@@ -1419,19 +1419,19 @@ int FWScript::o1_loadNewPrcName() {
 	switch (param1) {
 	case 0:
 		debugC(5, kCineDebugScript, "Line: %d: loadPrc(\"%s\")", _line, param2);
-		strcpy(newPrcName, param2);
+		Common::strlcpy(newPrcName, param2, sizeof(newPrcName));
 		break;
 	case 1:
 		debugC(5, kCineDebugScript, "Line: %d: loadRel(\"%s\")", _line, param2);
-		strcpy(newRelName, param2);
+		Common::strlcpy(newRelName, param2, sizeof(newRelName));
 		break;
 	case 2:
 		debugC(5, kCineDebugScript, "Line: %d: loadObject(\"%s\")", _line, param2);
-		strcpy(newObjectName, param2);
+		Common::strlcpy(newObjectName, param2, sizeof(newObjectName));
 		break;
 	case 3:
 		debugC(5, kCineDebugScript, "Line: %d: loadMsg(\"%s\")", _line, param2);
-		strcpy(newMsgName, param2);
+		Common::strlcpy(newMsgName, param2, sizeof(newMsgName));
 		break;
 	}
 	return 0;
diff --git a/engines/cine/sound.cpp b/engines/cine/sound.cpp
index e2d9d22e6f..069a4787ac 100644
--- a/engines/cine/sound.cpp
+++ b/engines/cine/sound.cpp
@@ -813,7 +813,7 @@ bool PCSoundFxPlayer::load(const char *song) {
 			if (dot) {
 				*dot = '\0';
 			}
-			strcat(instrument, _driver->getInstrumentExtension());
+			Common::strlcat(instrument, _driver->getInstrumentExtension(), sizeof(instrument));
 			uint32 instrumentSize;
 			_instrumentsData[i] = readBundleSoundFile(instrument, &instrumentSize);
 			if (!_instrumentsData[i]) {
author	Strangerke	2014-03-16 14:24:45 +0100
committer	Strangerke	2014-03-16 14:24:45 +0100
commit	95728f48904ad20f0a36b33d0bd30e4bccc9fa21 (patch)
tree	257c8d92a1c7779c3328882c2b28f46b012adcf4
parent	8f6971ae61559cefae92efc6feca4a4373a35b55 (diff)
download	scummvm-rg350-95728f48904ad20f0a36b33d0bd30e4bccc9fa21.tar.gz scummvm-rg350-95728f48904ad20f0a36b33d0bd30e4bccc9fa21.tar.bz2 scummvm-rg350-95728f48904ad20f0a36b33d0bd30e4bccc9fa21.zip