[Scummvm-cvs-logs] scummvm master -> 59d072c40cd06e28e3b6e13311a9e74043fd72a4
Strangerke
Strangerke at scummvm.org
Sat May 31 01:37:10 CEST 2014
This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
8cbee15096 CRUISE: Add safeguards to avoid a buffer overflow in linker and sound
59d072c40c CRUISE: Add safeguards to some more string manipulations
Commit: 8cbee1509606986584625c669fc992f084036b76
https://github.com/scummvm/scummvm/commit/8cbee1509606986584625c669fc992f084036b76
Author: Strangerke (strangerke at scummvm.org)
Date: 2014-05-31T01:35:32+02:00
Commit Message:
CRUISE: Add safeguards to avoid a buffer overflow in linker and sound
Changed paths:
engines/cruise/linker.cpp
engines/cruise/sound.cpp
diff --git a/engines/cruise/linker.cpp b/engines/cruise/linker.cpp
index 817345d..cb750b0 100644
--- a/engines/cruise/linker.cpp
+++ b/engines/cruise/linker.cpp
@@ -165,7 +165,7 @@ int updateScriptImport(int ovlIdx) {
int out1;
int out2;
- strcpy(buffer, ptrImportName + ptrImportData->offsetToName);
+ Common::strlcpy(buffer, ptrImportName + ptrImportData->offsetToName, sizeof(buffer));
ptrDest2 = parseExport(&out1, &out2, buffer);
if (ptrDest2 && out2) {
@@ -230,7 +230,7 @@ int updateScriptImport(int ovlIdx) {
int linkType;
int linkEntryIdx;
- strcpy(buffer, ovlData->arrayNameRelocGlob + ovlData->arrayRelocGlob[i].nameOffset);
+ Common::strlcpy(buffer, ovlData->arrayNameRelocGlob + ovlData->arrayRelocGlob[i].nameOffset, sizeof(buffer));
pFoundExport = parseExport(&out1, &foundExportIdx, buffer);
diff --git a/engines/cruise/sound.cpp b/engines/cruise/sound.cpp
index 86146e3..1441ae9 100644
--- a/engines/cruise/sound.cpp
+++ b/engines/cruise/sound.cpp
@@ -630,7 +630,7 @@ bool PCSoundFxPlayer::load(const char *song) {
stop();
}
- strcpy(_musicName, song);
+ Common::strlcpy(_musicName, song, sizeof(_musicName));
_songPlayed = false;
_looping = false;
_sfxData = readBundleSoundFile(song);
@@ -652,7 +652,7 @@ bool PCSoundFxPlayer::load(const char *song) {
if (dot) {
*dot = '\0';
}
- strcat(instrument, _driver->getInstrumentExtension());
+ Common::strlcat(instrument, _driver->getInstrumentExtension(), sizeof(instrument));
_instrumentsData[i] = readBundleSoundFile(instrument);
if (!_instrumentsData[i]) {
warning("Unable to load soundfx instrument '%s'", instrument);
Commit: 59d072c40cd06e28e3b6e13311a9e74043fd72a4
https://github.com/scummvm/scummvm/commit/59d072c40cd06e28e3b6e13311a9e74043fd72a4
Author: Strangerke (strangerke at scummvm.org)
Date: 2014-05-31T01:35:33+02:00
Commit Message:
CRUISE: Add safeguards to some more string manipulations
Changed paths:
engines/cruise/linker.cpp
engines/cruise/overlay.cpp
diff --git a/engines/cruise/linker.cpp b/engines/cruise/linker.cpp
index cb750b0..883bad9 100644
--- a/engines/cruise/linker.cpp
+++ b/engines/cruise/linker.cpp
@@ -40,18 +40,18 @@ exportEntryStruct *parseExport(int *out1, int *pExportedFuncionIdx, char *buffer
*out1 = 0;
*pExportedFuncionIdx = 0;
- strcpy(localBuffer, buffer);
+ Common::strlcpy(localBuffer, buffer, sizeof(localBuffer));
dotPtr = strchr(localBuffer, '.');
if (dotPtr) {
- strcpy(functionName, dotPtr + 1);
+ Common::strlcpy(functionName, dotPtr + 1, sizeof(functionName));
*dotPtr = 0;
strcpy(overlayName, localBuffer);
} else {
overlayName[0] = 0;
- strcpy(functionName, buffer);
+ Common::strlcpy(functionName, buffer, sizeof(functionName));
}
ptr2 = strchr((char *)functionName, ':');
@@ -89,7 +89,7 @@ exportEntryStruct *parseExport(int *out1, int *pExportedFuncionIdx, char *buffer
char exportedName[256];
char *name = entity1Name + currentExportEntry->offsetToName;
- strcpy(exportedName, name);
+ Common::strlcpy(exportedName, name, sizeof(exportedName));
strToUpper(exportedName);
if (!strcmp(functionName, exportedName)) {
diff --git a/engines/cruise/overlay.cpp b/engines/cruise/overlay.cpp
index 61df716..d2cc0f6 100644
--- a/engines/cruise/overlay.cpp
+++ b/engines/cruise/overlay.cpp
@@ -159,7 +159,7 @@ int loadOverlay(const char *scriptName) {
return (-2);
if (scriptName != overlayTable[scriptIdx].overlayName)
- strcpy(overlayTable[scriptIdx].overlayName, scriptName);
+ Common::strlcpy(overlayTable[scriptIdx].overlayName, scriptName, sizeof(overlayTable[scriptIdx].overlayName));
overlayTable[scriptIdx].alreadyLoaded = 1;
@@ -167,9 +167,8 @@ int loadOverlay(const char *scriptName) {
overlayTable[scriptIdx].ovlData->scriptNumber = scriptIdx;
- strcpy(fileName, scriptName);
-
- strcat(fileName, ".OVL");
+ Common::strlcpy(fileName, scriptName, sizeof(fileName));
+ Common::strlcat(fileName, ".OVL", sizeof(fileName));
debug(1, "Attempting to load overlay file %s...", fileName);
@@ -550,9 +549,8 @@ int loadOverlay(const char *scriptName) {
//uint8 fileName[50];
//char* unpackedBuffer;
- strcpy(fileName, scriptName);
-
- strcat(fileName, ".FR");
+ Common::strlcpy(fileName, scriptName, sizeof(fileName));
+ Common::strlcat(fileName, ".FR", sizeof(fileName));
fileIdx = findFileInDisks(fileName);
More information about the Scummvm-git-logs
mailing list