From 2f333f997ba42c44fd76cefeeb1912e2548532b3 Mon Sep 17 00:00:00 2001
From: Strangerke
Date: Sun, 10 Nov 2013 09:57:42 +0100
Subject: CGE: Ensure string copy don't overrun. Fix CID 1003674 to 1003678

---
 engines/cge/cge_main.cpp | 6 +++---
 engines/cge/text.cpp     | 5 ++---
 engines/cge/vga13h.cpp   | 3 +--
 3 files changed, 6 insertions(+), 8 deletions(-)

(limited to 'engines')

diff --git a/engines/cge/cge_main.cpp b/engines/cge/cge_main.cpp
index ae4dee6090..5325558f8b 100644
--- a/engines/cge/cge_main.cpp
+++ b/engines/cge/cge_main.cpp
@@ -1046,7 +1046,7 @@ void CGEEngine::loadSprite(const char *fname, int ref, int scene, int col = 0, i
 		for (line = sprf.readLine(); !sprf.eos(); line = sprf.readLine()) {
 			len = line.size();
 			lcnt++;
-			strcpy(tmpStr, line.c_str());
+			Common::strlcpy(tmpStr, line.c_str(), sizeof(tmpStr));
 			if (len == 0 || *tmpStr == '.')
 				continue;
 
@@ -1132,7 +1132,7 @@ void CGEEngine::loadSprite(const char *fname, int ref, int scene, int col = 0, i
 		_sprite->_flags._bDel = true;
 
 		// Extract the filename, without the extension
-		strcpy(_sprite->_file, fname);
+		Common::strlcpy(_sprite->_file, fname, sizeof(_sprite->_file));
 		char *p = strchr(_sprite->_file, '.');
 		if (p)
 			*p = '\0';
@@ -1158,7 +1158,7 @@ void CGEEngine::loadScript(const char *fname) {
 		char *p;
 
 		lcnt++;
-		strcpy(tmpStr, line.c_str());
+		Common::strlcpy(tmpStr, line.c_str(), sizeof(tmpStr));
 		if ((line.size() == 0) || (*tmpStr == '.'))
 			continue;
 
diff --git a/engines/cge/text.cpp b/engines/cge/text.cpp
index 27bb0608fd..08ff005e1e 100644
--- a/engines/cge/text.cpp
+++ b/engines/cge/text.cpp
@@ -69,7 +69,7 @@ int16 Text::count() {
 	for (line = tf.readLine(); !tf.eos(); line = tf.readLine()) {
 		char *s;
 		assert(line.size() <= 513);
-		strcpy(tmpStr, line.c_str());
+		Common::strlcpy(tmpStr, line.c_str(), sizeof(tmpStr));
 		if ((s = strtok(tmpStr, " =,;/\t\n")) == NULL)
 			continue;
 		if (!Common::isDigit(*s))
@@ -101,8 +101,7 @@ void Text::load() {
 	for (idx = 0, line = tf.readLine(); !tf.eos(); line = tf.readLine()) {
 		int n = line.size();
 		char *s;
-		assert(n <= 513);
-		strcpy(tmpStr, line.c_str());
+		Common::strlcpy(tmpStr, line.c_str(), sizeof(tmpStr));
 		if ((s = strtok(tmpStr, " =,;/\t\n")) == NULL)
 			continue;
 		if (!Common::isDigit(*s))
diff --git a/engines/cge/vga13h.cpp b/engines/cge/vga13h.cpp
index c0407cab42..4954e638ab 100644
--- a/engines/cge/vga13h.cpp
+++ b/engines/cge/vga13h.cpp
@@ -214,8 +214,7 @@ Sprite *Sprite::expand() {
 
 		for (line = sprf.readLine(); !sprf.eos(); line = sprf.readLine()) {
 			len = line.size();
-			assert(len <= 513);
-			strcpy(tmpStr, line.c_str());
+			Common::strlcpy(tmpStr, line.c_str(), sizeof(tmpStr));
 			lcnt++;
 			if (len == 0 || *tmpStr == '.')
 				continue;
-- 
cgit v1.2.3