[Scummvm-cvs-logs] scummvm master -> 8577606b04c39653a90f696e6e2285653a374628

sev- sev at scummvm.org
Fri May 13 09:25:05 CEST 2016 

This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
d8caeed074 LASTEXPRESS: Fixed potential buffer overrun
8577606b04 LURE: Safer string manipulation


Commit: d8caeed074a5cfbf512373da582e7f34f2e7d991
    https://github.com/scummvm/scummvm/commit/d8caeed074a5cfbf512373da582e7f34f2e7d991
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2016-05-13T09:08:59+02:00

Commit Message:
LASTEXPRESS: Fixed potential buffer overrun

Changed paths:
    engines/lastexpress/entities/gendarmes.cpp



diff --git a/engines/lastexpress/entities/gendarmes.cpp b/engines/lastexpress/entities/gendarmes.cpp
index b628b8d..1b51dd2 100644
--- a/engines/lastexpress/entities/gendarmes.cpp
+++ b/engines/lastexpress/entities/gendarmes.cpp
@@ -174,7 +174,7 @@ IMPLEMENT_FUNCTION_IISS(9, Gendarmes, doCompartment, CarIndex, EntityPosition)
 
 		strcat((char *)&parameters1->seq1, (char *)&params->seq1);
 		strcat((char *)&parameters1->seq2, (char *)&params->seq1);
-		strcat((char *)&parameters1->seq3, (char *)&params->seq1);
+		Common::strlcat((char *)&parameters1->seq3, (char *)&params->seq1, 9); // Beware, seq3 is smaller than seq1
 
 		if ((getEntities()->isInsideCompartment(kEntityPlayer, (CarIndex)params->param1, (EntityPosition)params->param2)
 		  || getEntities()->isInsideCompartment(kEntityPlayer, (CarIndex)params->param1, (EntityPosition)parameters2->param7)


Commit: 8577606b04c39653a90f696e6e2285653a374628
    https://github.com/scummvm/scummvm/commit/8577606b04c39653a90f696e6e2285653a374628
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2016-05-13T09:23:20+02:00

Commit Message:
LURE: Safer string manipulation

Changed paths:
    engines/lure/game.cpp
    engines/lure/hotspots.cpp
    engines/lure/scripts.cpp



diff --git a/engines/lure/game.cpp b/engines/lure/game.cpp
index 38ca0ba..371bcd6 100644
--- a/engines/lure/game.cpp
+++ b/engines/lure/game.cpp
@@ -538,7 +538,7 @@ void Game::handleRightClickMenu() {
 			hotspot = res.getHotspot(room.hotspotId());
 			assert(hotspot);
 			strings.getString(hotspot->nameId, statusLine);
-			strcat(statusLine, stringList.getString(S_FOR));
+			Common::strlcat(statusLine, stringList.getString(S_FOR), MAX_DESC_SIZE);
 			statusLine += strlen(statusLine);
 
 			itemId = PopupMenu::ShowItems(GET, player->roomNumber());
@@ -549,7 +549,7 @@ void Game::handleRightClickMenu() {
 			hotspot = res.getHotspot(room.hotspotId());
 			assert(hotspot);
 			strings.getString(hotspot->nameId, statusLine);
-			strcat(statusLine, stringList.getString(S_TO));
+			Common::strlcat(statusLine, stringList.getString(S_TO), MAX_DESC_SIZE);
 			breakFlag = GetTellActions();
 			break;
 
@@ -559,7 +559,7 @@ void Game::handleRightClickMenu() {
 		case DRINK:
 			hasItems = (res.numInventoryItems() != 0);
 			if (!hasItems)
-				strcat(statusLine, stringList.getString(S_ACTION_NOTHING));
+				Common::strlcat(statusLine, stringList.getString(S_ACTION_NOTHING), MAX_DESC_SIZE);
 			statusLine += strlen(statusLine);
 
 			room.update();
@@ -579,9 +579,9 @@ void Game::handleRightClickMenu() {
 						assert(useHotspot);
 						strings.getString(useHotspot->nameId, statusLine);
 						if (action == GIVE)
-							strcat(statusLine, stringList.getString(S_TO));
+							Common::strlcat(statusLine, stringList.getString(S_TO), MAX_DESC_SIZE);
 						else
-							strcat(statusLine, stringList.getString(S_ON));
+							Common::strlcat(statusLine, stringList.getString(S_ON), MAX_DESC_SIZE);
 						statusLine += strlen(statusLine);
 					}
 					else if ((action == DRINK) || (action == EXAMINE))
diff --git a/engines/lure/hotspots.cpp b/engines/lure/hotspots.cpp
index fbf93e1..a972909 100644
--- a/engines/lure/hotspots.cpp
+++ b/engines/lure/hotspots.cpp
@@ -1898,8 +1898,8 @@ void Hotspot::doStatus(HotspotData *hotspot) {
 	endAction();
 
 	strings.getString(room.roomNumber(), buffer);
-	strcat(buffer, "\n\n");
-	strcat(buffer, stringList.getString(S_YOU_ARE_CARRYING));
+	Common::strlcat(buffer, "\n\n", MAX_DESC_SIZE);
+	Common::strlcat(buffer, stringList.getString(S_YOU_ARE_CARRYING), MAX_DESC_SIZE);
 
 	// Scan through the list and add in any items assigned to the player
 	HotspotDataList &list = res.hotspotData();
@@ -1909,25 +1909,25 @@ void Hotspot::doStatus(HotspotData *hotspot) {
 
 		if (rec.roomNumber == PLAYER_ID) {
 			if (numItems++ == 0)
-				strcat(buffer, ": ");
+				Common::strlcat(buffer, ": ", MAX_DESC_SIZE);
 			else
-				strcat(buffer, ", ");
+				Common::strlcat(buffer, ", ", MAX_DESC_SIZE);
 			strings.getString(rec.nameId, buffer + strlen(buffer));
 		}
 	}
 
 	// If there were no items, add in the word 'nothing'
 	if (numItems == 0)
-		strcat(buffer, stringList.getString(S_INV_NOTHING));
+		Common::strlcat(buffer, stringList.getString(S_INV_NOTHING), MAX_DESC_SIZE);
 
 	// If the player has money, add it in
 	uint16 numGroats = res.fieldList().numGroats();
 	if (numGroats > 0) {
-		strcat(buffer, "\n\n");
-		strcat(buffer, stringList.getString(S_YOU_HAVE));
-		sprintf(buffer + strlen(buffer), "%d", numGroats);
-		strcat(buffer, " ");
-		strcat(buffer, stringList.getString((numGroats == 1) ? S_GROAT : S_GROATS));
+		Common::strlcat(buffer, "\n\n", MAX_DESC_SIZE);
+		Common::strlcat(buffer, stringList.getString(S_YOU_HAVE), MAX_DESC_SIZE);
+		snprintf(buffer + strlen(buffer), MAX_DESC_SIZE, "%d", numGroats);
+		Common::strlcat(buffer, " ", MAX_DESC_SIZE);
+		Common::strlcat(buffer, stringList.getString((numGroats == 1) ? S_GROAT : S_GROATS), MAX_DESC_SIZE); // Make sure we're not overrunning
 	}
 
 	// Display the dialog
diff --git a/engines/lure/scripts.cpp b/engines/lure/scripts.cpp
index 3df119a..f7dc060 100644
--- a/engines/lure/scripts.cpp
+++ b/engines/lure/scripts.cpp
@@ -926,8 +926,8 @@ uint16 Script::execute(uint16 startOffset) {
 		opcode >>= 1;
 
 		if (gDebugLevel >= ERROR_DETAILED)
-			strcat(debugInfo, (opcode > S_OPCODE_RANDOM) ? "INVALID" :
-				scriptOpcodes[opcode]);
+			Common::strlcat(debugInfo, (opcode > S_OPCODE_RANDOM) ? "INVALID" :
+				scriptOpcodes[opcode], MAX_DESC_SIZE);
 
 		if (hasParam) {
 			// Flag to read next two bytes as active parameter
@@ -1087,7 +1087,7 @@ uint16 Script::execute(uint16 startOffset) {
 				else if (scriptMethodNames[param] == NULL) strcat(debugInfo, " UNKNOWN METHOD");
 				else {
 					strcat(debugInfo, " ");
-					strcat(debugInfo, scriptMethodNames[param]);
+					Common::strlcat(debugInfo, scriptMethodNames[param], MAX_DESC_SIZE);
 				}
 
 				// Any params

More information about the Scummvm-git-logs mailing list