[Scummvm-cvs-logs] scummvm master -> 95728f48904ad20f0a36b33d0bd30e4bccc9fa21

Strangerke Strangerke at scummvm.org
Sun Mar 16 14:26:36 CET 2014 

This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
95728f4890 CINE: Avoid possible string buffer overrun by using strlcpy and strlcat


Commit: 95728f48904ad20f0a36b33d0bd30e4bccc9fa21
    https://github.com/scummvm/scummvm/commit/95728f48904ad20f0a36b33d0bd30e4bccc9fa21
Author: Strangerke (strangerke at scummvm.org)
Date: 2014-03-16T14:24:45+01:00

Commit Message:
CINE: Avoid possible string buffer overrun by using strlcpy and strlcat

Changed paths:
    engines/cine/anim.cpp
    engines/cine/bg.cpp
    engines/cine/gfx.cpp
    engines/cine/pal.cpp
    engines/cine/part.cpp
    engines/cine/script_fw.cpp
    engines/cine/sound.cpp



diff --git a/engines/cine/anim.cpp b/engines/cine/anim.cpp
index f47b33b..c609944 100644
--- a/engines/cine/anim.cpp
+++ b/engines/cine/anim.cpp
@@ -287,7 +287,7 @@ void AnimData::load(byte *d, int type, uint16 w, uint16 h, int16 file,
 	_fileIdx = file;
 	_frameIdx = frame;
 	memset(_name, 0, sizeof(_name));
-	strcpy(_name, n);
+	Common::strlcpy(_name, n, sizeof(_name));
 	_realWidth = w;
 
 	switch (type) {
diff --git a/engines/cine/bg.cpp b/engines/cine/bg.cpp
index 3b80a9c..ce808e0 100644
--- a/engines/cine/bg.cpp
+++ b/engines/cine/bg.cpp
@@ -48,7 +48,7 @@ byte loadCtFW(const char *ctName) {
 	}
 
 	if (currentCtName != ctName)
-		strcpy(currentCtName, ctName);
+		Common::strlcpy(currentCtName, ctName, sizeof(currentCtName));
 
 	ptr = dataPtr = readBundleFile(foundFileIdx);
 
@@ -75,7 +75,7 @@ byte loadCtOS(const char *ctName) {
 	}
 
 	if (currentCtName != ctName)
-		strcpy(currentCtName, ctName);
+		Common::strlcpy(currentCtName, ctName, sizeof(currentCtName));
 
 	ptr = dataPtr = readBundleFile(foundFileIdx);
 
diff --git a/engines/cine/gfx.cpp b/engines/cine/gfx.cpp
index ab83594..f6419ec 100644
--- a/engines/cine/gfx.cpp
+++ b/engines/cine/gfx.cpp
@@ -730,7 +730,7 @@ void FWRenderer::loadBg16(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_background);
 
-	strcpy(_bgName, name);
+	Common::strlcpy(_bgName, name, sizeof(_bgName));
 
 	// Load the 16 color palette
 	_backupPal.load(bg, kLowPalNumBytes, kLowPalFormat, kLowPalNumColors, CINE_BIG_ENDIAN);
@@ -1403,7 +1403,7 @@ void OSRenderer::loadBg16(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_bgTable[idx].bg);
 
-	strcpy(_bgTable[idx].name, name);
+	Common::strlcpy(_bgTable[idx].name, name, sizeof(_bgTable[idx].name));
 
 	// Load the 16 color palette
 	_bgTable[idx].pal.load(bg, kLowPalNumBytes, kLowPalFormat, kLowPalNumColors, CINE_BIG_ENDIAN);
@@ -1441,7 +1441,7 @@ void OSRenderer::loadBg256(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_bgTable[idx].bg);
 
-	strcpy(_bgTable[idx].name, name);
+	Common::strlcpy(_bgTable[idx].name, name, sizeof(_bgTable[idx].name));
 	_bgTable[idx].pal.load(bg, kHighPalNumBytes, kHighPalFormat, kHighPalNumColors, CINE_LITTLE_ENDIAN);
 	memcpy(_bgTable[idx].bg, bg + kHighPalNumBytes, _screenSize);
 }
diff --git a/engines/cine/pal.cpp b/engines/cine/pal.cpp
index a1d9b49..f3985c6 100644
--- a/engines/cine/pal.cpp
+++ b/engines/cine/pal.cpp
@@ -62,9 +62,9 @@ int16 findPaletteFromName(const char *fileName) {
 	uint16 position = 0;
 	uint16 i;
 
-	strcpy(buffer, fileName);
+	Common::strlcpy(buffer, fileName, sizeof(buffer));
 
-	while (position < strlen(fileName)) {
+	while (position < strlen(buffer)) {
 		if (buffer[position] > 'a' && buffer[position] < 'z') {
 			buffer[position] += 'A' - 'a';
 		}
diff --git a/engines/cine/part.cpp b/engines/cine/part.cpp
index c55972b..30d9461 100644
--- a/engines/cine/part.cpp
+++ b/engines/cine/part.cpp
@@ -47,7 +47,7 @@ void loadPart(const char *partName) {
 	g_cine->_partFileHandle.readUint16BE(); // entry size
 
 	if (currentPartName != partName)
-		strcpy(currentPartName, partName);
+		Common::strlcpy(currentPartName, partName, sizeof(currentPartName));
 
 	for (uint16 i = 0; i < g_cine->_partBuffer.size(); i++) {
 		g_cine->_partFileHandle.read(g_cine->_partBuffer[i].partName, 14);
diff --git a/engines/cine/script_fw.cpp b/engines/cine/script_fw.cpp
index c02868d..c0b0c1f 100644
--- a/engines/cine/script_fw.cpp
+++ b/engines/cine/script_fw.cpp
@@ -1419,19 +1419,19 @@ int FWScript::o1_loadNewPrcName() {
 	switch (param1) {
 	case 0:
 		debugC(5, kCineDebugScript, "Line: %d: loadPrc(\"%s\")", _line, param2);
-		strcpy(newPrcName, param2);
+		Common::strlcpy(newPrcName, param2, sizeof(newPrcName));
 		break;
 	case 1:
 		debugC(5, kCineDebugScript, "Line: %d: loadRel(\"%s\")", _line, param2);
-		strcpy(newRelName, param2);
+		Common::strlcpy(newRelName, param2, sizeof(newRelName));
 		break;
 	case 2:
 		debugC(5, kCineDebugScript, "Line: %d: loadObject(\"%s\")", _line, param2);
-		strcpy(newObjectName, param2);
+		Common::strlcpy(newObjectName, param2, sizeof(newObjectName));
 		break;
 	case 3:
 		debugC(5, kCineDebugScript, "Line: %d: loadMsg(\"%s\")", _line, param2);
-		strcpy(newMsgName, param2);
+		Common::strlcpy(newMsgName, param2, sizeof(newMsgName));
 		break;
 	}
 	return 0;
diff --git a/engines/cine/sound.cpp b/engines/cine/sound.cpp
index e2d9d22..069a478 100644
--- a/engines/cine/sound.cpp
+++ b/engines/cine/sound.cpp
@@ -813,7 +813,7 @@ bool PCSoundFxPlayer::load(const char *song) {
 			if (dot) {
 				*dot = '\0';
 			}
-			strcat(instrument, _driver->getInstrumentExtension());
+			Common::strlcat(instrument, _driver->getInstrumentExtension(), sizeof(instrument));
 			uint32 instrumentSize;
 			_instrumentsData[i] = readBundleSoundFile(instrument, &instrumentSize);
 			if (!_instrumentsData[i]) {

More information about the Scummvm-git-logs mailing list