[Scummvm-cvs-logs] scummvm master -> 59d072c40cd06e28e3b6e13311a9e74043fd72a4

Strangerke Strangerke at scummvm.org
Sat May 31 01:37:10 CEST 2014


This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
8cbee15096 CRUISE: Add safeguards to avoid a buffer overflow in linker and sound
59d072c40c CRUISE: Add safeguards to some more string manipulations


Commit: 8cbee1509606986584625c669fc992f084036b76
    https://github.com/scummvm/scummvm/commit/8cbee1509606986584625c669fc992f084036b76
Author: Strangerke (strangerke at scummvm.org)
Date: 2014-05-31T01:35:32+02:00

Commit Message:
CRUISE: Add safeguards to avoid a buffer overflow in linker and sound

Changed paths:
    engines/cruise/linker.cpp
    engines/cruise/sound.cpp



diff --git a/engines/cruise/linker.cpp b/engines/cruise/linker.cpp
index 817345d..cb750b0 100644
--- a/engines/cruise/linker.cpp
+++ b/engines/cruise/linker.cpp
@@ -165,7 +165,7 @@ int updateScriptImport(int ovlIdx) {
 							int out1;
 							int out2;
 
-							strcpy(buffer, ptrImportName + ptrImportData->offsetToName);
+							Common::strlcpy(buffer, ptrImportName + ptrImportData->offsetToName, sizeof(buffer));
 							ptrDest2 = parseExport(&out1, &out2, buffer);
 
 							if (ptrDest2 && out2) {
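Review bot: `Common::strlcpy` bounds only the write into `buffer`; the source pointer `ptrImportName + ptrImportData->offsetToName` is still built from overlay data with no range check visible in this hunk. If `Common::strlcpy` follows the BSD contract of returning the source length, it keeps scanning the source for its NUL, so an offset past the name table or an unterminated table is still an out-of-bounds read. Validating the offset against the table size at load time would close this; until then a comment such as `// offsetToName comes from the overlay file and is not range-checked here` would document the gap. The same applies to `ovlData->arrayNameRelocGlob + ovlData->arrayRelocGlob[i].nameOffset` in the second hunk. `buffer` is declared outside both hunks, so `sizeof(buffer)` is only correct if it is an array there and not a pointer.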
@@ -230,7 +230,7 @@ int updateScriptImport(int ovlIdx) {
 			int linkType;
 			int linkEntryIdx;
 
-			strcpy(buffer, ovlData->arrayNameRelocGlob + ovlData->arrayRelocGlob[i].nameOffset);
+			Common::strlcpy(buffer, ovlData->arrayNameRelocGlob + ovlData->arrayRelocGlob[i].nameOffset, sizeof(buffer));
 
 			pFoundExport = parseExport(&out1, &foundExportIdx, buffer);
 
diff --git a/engines/cruise/sound.cpp b/engines/cruise/sound.cpp
index 86146e3..1441ae9 100644
--- a/engines/cruise/sound.cpp
+++ b/engines/cruise/sound.cpp
@@ -630,7 +630,7 @@ bool PCSoundFxPlayer::load(const char *song) {
 		stop();
 	}
 
-	strcpy(_musicName, song);
+	Common::strlcpy(_musicName, song, sizeof(_musicName));
 	_songPlayed = false;
 	_looping = false;
 	_sfxData = readBundleSoundFile(song);
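Review bot: Truncation is silent here: `_musicName` can now hold a shortened name while `readBundleSoundFile(song)` two lines later still uses the full string, so the stored name and the loaded data can disagree. Checking the return value makes an over-long name an explicit failure, for example `if (Common::strlcpy(_musicName, song, sizeof(_musicName)) >= sizeof(_musicName)) return false;`, or at least a `warning()`. The `Common::strlcat(instrument, ...)` call in the next hunk has the same gap, since a cut-off extension becomes a lookup for a different file name instead of an error. `load()` starts and ends outside both hunks.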
@@ -652,7 +652,7 @@ bool PCSoundFxPlayer::load(const char *song) {
 			if (dot) {
 				*dot = '\0';
 			}
-			strcat(instrument, _driver->getInstrumentExtension());
+			Common::strlcat(instrument, _driver->getInstrumentExtension(), sizeof(instrument));
 			_instrumentsData[i] = readBundleSoundFile(instrument);
 			if (!_instrumentsData[i]) {
 				warning("Unable to load soundfx instrument '%s'", instrument);


Commit: 59d072c40cd06e28e3b6e13311a9e74043fd72a4
    https://github.com/scummvm/scummvm/commit/59d072c40cd06e28e3b6e13311a9e74043fd72a4
Author: Strangerke (strangerke at scummvm.org)
Date: 2014-05-31T01:35:33+02:00

Commit Message:
CRUISE: Add safeguards to some more string manipulations

Changed paths:
    engines/cruise/linker.cpp
    engines/cruise/overlay.cpp



diff --git a/engines/cruise/linker.cpp b/engines/cruise/linker.cpp
index cb750b0..883bad9 100644
--- a/engines/cruise/linker.cpp
+++ b/engines/cruise/linker.cpp
@@ -40,18 +40,18 @@ exportEntryStruct *parseExport(int *out1, int *pExportedFuncionIdx, char *buffer
 	*out1 = 0;
 	*pExportedFuncionIdx = 0;
 
-	strcpy(localBuffer, buffer);
+	Common::strlcpy(localBuffer, buffer, sizeof(localBuffer));
 	dotPtr = strchr(localBuffer, '.');
 
 	if (dotPtr) {
-		strcpy(functionName, dotPtr + 1);
+		Common::strlcpy(functionName, dotPtr + 1, sizeof(functionName));
 		*dotPtr = 0;
 
 		strcpy(overlayName, localBuffer);
 	} else {
 		overlayName[0] = 0;
 
-		strcpy(functionName, buffer);
+		Common::strlcpy(functionName, buffer, sizeof(functionName));
 	}
 
 	ptr2 = strchr((char *)functionName, ':');
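Review bot: `strcpy(overlayName, localBuffer);` in the `if (dotPtr)` branch is left unbounded while every other copy in this hunk was converted. Both arrays are declared above the hunk, so it cannot be confirmed from here that `overlayName` is at least as large as `localBuffer`. `Common::strlcpy(overlayName, localBuffer, sizeof(overlayName));` would make the branch consistent with the rest and safe regardless of the declared sizes. The body of `parseExport` continues past the hunk.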
@@ -89,7 +89,7 @@ exportEntryStruct *parseExport(int *out1, int *pExportedFuncionIdx, char *buffer
 		char exportedName[256];
 		char *name = entity1Name + currentExportEntry->offsetToName;
 
-		strcpy(exportedName, name);
+		Common::strlcpy(exportedName, name, sizeof(exportedName));
 		strToUpper(exportedName);
 
 		if (!strcmp(functionName, exportedName)) {
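Review bot: An exported name longer than `exportedName[256]` is now cut before `strcmp(functionName, exportedName)`, so the match is decided on a prefix of the name. If `functionName` (declared outside the hunk) is bounded to a similar size, two distinct over-long names from overlay data would compare equal and resolve to the same export. Treating truncation as a non-match is safer: test `Common::strlcpy(exportedName, name, sizeof(exportedName)) >= sizeof(exportedName)` and skip the entry when it is true.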
diff --git a/engines/cruise/overlay.cpp b/engines/cruise/overlay.cpp
index 61df716..d2cc0f6 100644
--- a/engines/cruise/overlay.cpp
+++ b/engines/cruise/overlay.cpp
@@ -159,7 +159,7 @@ int loadOverlay(const char *scriptName) {
 		return (-2);
 
 	if (scriptName != overlayTable[scriptIdx].overlayName)
-		strcpy(overlayTable[scriptIdx].overlayName, scriptName);
+		Common::strlcpy(overlayTable[scriptIdx].overlayName, scriptName, sizeof(overlayTable[scriptIdx].overlayName));
 
 	overlayTable[scriptIdx].alreadyLoaded = 1;
 
@@ -167,9 +167,8 @@ int loadOverlay(const char *scriptName) {
 
 	overlayTable[scriptIdx].ovlData->scriptNumber = scriptIdx;
 
-	strcpy(fileName, scriptName);
-
-	strcat(fileName, ".OVL");
+	Common::strlcpy(fileName, scriptName, sizeof(fileName));
+	Common::strlcat(fileName, ".OVL", sizeof(fileName));
 
 	debug(1, "Attempting to load overlay file %s...", fileName);
 
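Review bot: When `scriptName` is too long for `fileName`, `Common::strlcat` drops part or all of `.OVL` and the code goes on to look up a different file name than intended. The return value reports the truncation, so the failure can be made explicit: `if (Common::strlcat(fileName, ".OVL", sizeof(fileName)) >= sizeof(fileName)) return -2;`, with the error code chosen to match loadOverlay's conventions. The `.FR` pair in the last hunk has the same gap. The `overlayName` copy in the first hunk likewise stores a truncated name in `overlayTable` without any signal. `fileName` is declared outside these hunks.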
@@ -550,9 +549,8 @@ int loadOverlay(const char *scriptName) {
 		//uint8 fileName[50];
 		//char* unpackedBuffer;
 
-		strcpy(fileName, scriptName);
-
-		strcat(fileName, ".FR");
+		Common::strlcpy(fileName, scriptName, sizeof(fileName));
+		Common::strlcat(fileName, ".FR", sizeof(fileName));
 
 		fileIdx = findFileInDisks(fileName);
 





