[Scummvm-cvs-logs] scummvm master -> 8577606b04c39653a90f696e6e2285653a374628
sev-
sev at scummvm.org
Fri May 13 09:25:05 CEST 2016
This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
d8caeed074 LASTEXPRESS: Fixed potential buffer overrun
8577606b04 LURE: Safer string manipulation
Commit: d8caeed074a5cfbf512373da582e7f34f2e7d991
https://github.com/scummvm/scummvm/commit/d8caeed074a5cfbf512373da582e7f34f2e7d991
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2016-05-13T09:08:59+02:00
Commit Message:
LASTEXPRESS: Fixed potential buffer overrun
Changed paths:
engines/lastexpress/entities/gendarmes.cpp
diff --git a/engines/lastexpress/entities/gendarmes.cpp b/engines/lastexpress/entities/gendarmes.cpp
index b628b8d..1b51dd2 100644
--- a/engines/lastexpress/entities/gendarmes.cpp
+++ b/engines/lastexpress/entities/gendarmes.cpp
@@ -174,7 +174,7 @@ IMPLEMENT_FUNCTION_IISS(9, Gendarmes, doCompartment, CarIndex, EntityPosition)
strcat((char *)¶meters1->seq1, (char *)¶ms->seq1);
strcat((char *)¶meters1->seq2, (char *)¶ms->seq1);
- strcat((char *)¶meters1->seq3, (char *)¶ms->seq1);
+ Common::strlcat((char *)¶meters1->seq3, (char *)¶ms->seq1, 9); // Beware, seq3 is smaller than seq1
if ((getEntities()->isInsideCompartment(kEntityPlayer, (CarIndex)params->param1, (EntityPosition)params->param2)
|| getEntities()->isInsideCompartment(kEntityPlayer, (CarIndex)params->param1, (EntityPosition)parameters2->param7)
Commit: 8577606b04c39653a90f696e6e2285653a374628
https://github.com/scummvm/scummvm/commit/8577606b04c39653a90f696e6e2285653a374628
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2016-05-13T09:23:20+02:00
Commit Message:
LURE: Safer string manipulation
Changed paths:
engines/lure/game.cpp
engines/lure/hotspots.cpp
engines/lure/scripts.cpp
diff --git a/engines/lure/game.cpp b/engines/lure/game.cpp
index 38ca0ba..371bcd6 100644
--- a/engines/lure/game.cpp
+++ b/engines/lure/game.cpp
@@ -538,7 +538,7 @@ void Game::handleRightClickMenu() {
hotspot = res.getHotspot(room.hotspotId());
assert(hotspot);
strings.getString(hotspot->nameId, statusLine);
- strcat(statusLine, stringList.getString(S_FOR));
+ Common::strlcat(statusLine, stringList.getString(S_FOR), MAX_DESC_SIZE);
statusLine += strlen(statusLine);
itemId = PopupMenu::ShowItems(GET, player->roomNumber());
@@ -549,7 +549,7 @@ void Game::handleRightClickMenu() {
hotspot = res.getHotspot(room.hotspotId());
assert(hotspot);
strings.getString(hotspot->nameId, statusLine);
- strcat(statusLine, stringList.getString(S_TO));
+ Common::strlcat(statusLine, stringList.getString(S_TO), MAX_DESC_SIZE);
breakFlag = GetTellActions();
break;
@@ -559,7 +559,7 @@ void Game::handleRightClickMenu() {
case DRINK:
hasItems = (res.numInventoryItems() != 0);
if (!hasItems)
- strcat(statusLine, stringList.getString(S_ACTION_NOTHING));
+ Common::strlcat(statusLine, stringList.getString(S_ACTION_NOTHING), MAX_DESC_SIZE);
statusLine += strlen(statusLine);
room.update();
@@ -579,9 +579,9 @@ void Game::handleRightClickMenu() {
assert(useHotspot);
strings.getString(useHotspot->nameId, statusLine);
if (action == GIVE)
- strcat(statusLine, stringList.getString(S_TO));
+ Common::strlcat(statusLine, stringList.getString(S_TO), MAX_DESC_SIZE);
else
- strcat(statusLine, stringList.getString(S_ON));
+ Common::strlcat(statusLine, stringList.getString(S_ON), MAX_DESC_SIZE);
statusLine += strlen(statusLine);
}
else if ((action == DRINK) || (action == EXAMINE))
diff --git a/engines/lure/hotspots.cpp b/engines/lure/hotspots.cpp
index fbf93e1..a972909 100644
--- a/engines/lure/hotspots.cpp
+++ b/engines/lure/hotspots.cpp
@@ -1898,8 +1898,8 @@ void Hotspot::doStatus(HotspotData *hotspot) {
endAction();
strings.getString(room.roomNumber(), buffer);
- strcat(buffer, "\n\n");
- strcat(buffer, stringList.getString(S_YOU_ARE_CARRYING));
+ Common::strlcat(buffer, "\n\n", MAX_DESC_SIZE);
+ Common::strlcat(buffer, stringList.getString(S_YOU_ARE_CARRYING), MAX_DESC_SIZE);
// Scan through the list and add in any items assigned to the player
HotspotDataList &list = res.hotspotData();
@@ -1909,25 +1909,25 @@ void Hotspot::doStatus(HotspotData *hotspot) {
if (rec.roomNumber == PLAYER_ID) {
if (numItems++ == 0)
- strcat(buffer, ": ");
+ Common::strlcat(buffer, ": ", MAX_DESC_SIZE);
else
- strcat(buffer, ", ");
+ Common::strlcat(buffer, ", ", MAX_DESC_SIZE);
strings.getString(rec.nameId, buffer + strlen(buffer));
}
}
// If there were no items, add in the word 'nothing'
if (numItems == 0)
- strcat(buffer, stringList.getString(S_INV_NOTHING));
+ Common::strlcat(buffer, stringList.getString(S_INV_NOTHING), MAX_DESC_SIZE);
// If the player has money, add it in
uint16 numGroats = res.fieldList().numGroats();
if (numGroats > 0) {
- strcat(buffer, "\n\n");
- strcat(buffer, stringList.getString(S_YOU_HAVE));
- sprintf(buffer + strlen(buffer), "%d", numGroats);
- strcat(buffer, " ");
- strcat(buffer, stringList.getString((numGroats == 1) ? S_GROAT : S_GROATS));
+ Common::strlcat(buffer, "\n\n", MAX_DESC_SIZE);
+ Common::strlcat(buffer, stringList.getString(S_YOU_HAVE), MAX_DESC_SIZE);
+ snprintf(buffer + strlen(buffer), MAX_DESC_SIZE, "%d", numGroats);
+ Common::strlcat(buffer, " ", MAX_DESC_SIZE);
+ Common::strlcat(buffer, stringList.getString((numGroats == 1) ? S_GROAT : S_GROATS), MAX_DESC_SIZE); // Make sure we're not overrunning
}
// Display the dialog
diff --git a/engines/lure/scripts.cpp b/engines/lure/scripts.cpp
index 3df119a..f7dc060 100644
--- a/engines/lure/scripts.cpp
+++ b/engines/lure/scripts.cpp
@@ -926,8 +926,8 @@ uint16 Script::execute(uint16 startOffset) {
opcode >>= 1;
if (gDebugLevel >= ERROR_DETAILED)
- strcat(debugInfo, (opcode > S_OPCODE_RANDOM) ? "INVALID" :
- scriptOpcodes[opcode]);
+ Common::strlcat(debugInfo, (opcode > S_OPCODE_RANDOM) ? "INVALID" :
+ scriptOpcodes[opcode], MAX_DESC_SIZE);
if (hasParam) {
// Flag to read next two bytes as active parameter
@@ -1087,7 +1087,7 @@ uint16 Script::execute(uint16 startOffset) {
else if (scriptMethodNames[param] == NULL) strcat(debugInfo, " UNKNOWN METHOD");
else {
strcat(debugInfo, " ");
- strcat(debugInfo, scriptMethodNames[param]);
+ Common::strlcat(debugInfo, scriptMethodNames[param], MAX_DESC_SIZE);
}
// Any params
More information about the Scummvm-git-logs
mailing list