static clvideo_t* OpenVideo( clvideo_t *video, const char *filename, const char *name, int owner )
{
- strncpy( video->filename, filename, MAX_QPATH );
+ strlcpy( video->filename, filename, sizeof(video->filename) );
video->ownertag = owner;
if( strncmp( name, CLVIDEOPREFIX, sizeof( CLVIDEOPREFIX ) - 1 ) )
return NULL;
- strncpy( video->cpif.name, name, MAX_QPATH );
+ strlcpy( video->cpif.name, name, sizeof(video->cpif.name) );
if( !OpenStream( video ) )
return NULL;
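Review bot: Neither `strlcpy` call in OpenVideo checks its return value, so a `filename` or `name` longer than the destination is silently truncated and the function carries on to `OpenStream( video )` with the shortened string. Assuming the engine's strlcpy follows the BSD contract and returns the source length, the caller can reject instead: `if( strlcpy( video->filename, filename, sizeof(video->filename) ) >= sizeof(video->filename) ) return NULL;`. The same applies to the `strlcat(wadname, &value[j], sizeof(wadname))` hunk, where a possibly truncated path is passed straight to `W_LoadTextureWadFile`. Whether OpenStream reads video->filename is not visible here, so the impact is likely rather than confirmed.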
extern int dpsnprintf (char *buffer, size_t buffersize, const char *format, ...);
extern int dpvsnprintf (char *buffer, size_t buffersize, const char *format, va_list args);
+// A bunch of functions are forbidden for security reasons (and also to please MSVS 2005, for some of them)
+#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT
+#define strncat DO_NOT_USE_STRNCAT__USE_STRLCAT_OR_MEMCPY
+//#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY
+#define strncpy DO_NOT_USE_STRNCPY__USE_STRLCPY_OR_MEMCPY
+//#define sprintf DO_NOT_USE_SPRINTF__USE_DPSNPRINTF
+
//============================================================================
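Review bot: The bans for `strcpy` and `sprintf` stay commented out, so the unbounded calls that remain in this change are not caught: `strcpy(wadname, "textures/")` and both `sprintf (tempstring2, ...)` calls in the field-printing hunks. The sprintf calls can use the `dpsnprintf` declared just above, e.g. `dpsnprintf (tempstring2, sizeof(tempstring2), "bad type %i ", d->type & ~DEF_SAVEGLOBAL);`, after which the `sprintf` define can be enabled. The block also needs a comment on include order, since a `<string.h>` pulled in after these defines would have its declarations renamed: `// must follow every system header; defining these before <string.h> renames its declarations`.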
csqc_printtextbuf[0] = 0;
}
else
- strcat(csqc_printtextbuf, msg);
+ strlcat(csqc_printtextbuf, msg, CSQC_PRINTBUFFERLEN);
return;
}
- strcat(csqc_printtextbuf, msg);
+ strlcat(csqc_printtextbuf, msg, CSQC_PRINTBUFFERLEN);
CL_VM_Parse_Print(csqc_printtextbuf);
csqc_printtextbuf[0] = 0;
}
s->videopixels = (unsigned int *)Z_Malloc(s->info_imagewidth * s->info_imageheight * sizeof(*s->videopixels));
if (s->videopixels != NULL)
{
- wavename = (char *)Z_Malloc(strlen(filename) + 10);
+ size_t namelen;
+
+ namelen = strlen(filename) + 10;
+ wavename = (char *)Z_Malloc(namelen);
if (wavename)
{
sfx_t* sfx;
StripExtension(filename, wavename);
- strcat(wavename, ".wav");
+ strlcat(wavename, ".wav", namelen);
sfx = S_PrecacheSound (wavename, false, false);
if (sfx != NULL)
s->sndchan = S_StartSound (-1, 0, sfx, vec3_origin, 1.0f, 0);
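Review bot: The allocation size on the first context line, `s->info_imagewidth * s->info_imageheight * sizeof(*s->videopixels)`, is multiplied with no overflow check, and the string hardening in this hunk does not touch it. If the width and height come from the video stream header (their origin and types are not visible here), a large pair can wrap the product and leave `videopixels` smaller than the decoder later assumes. A range check before the call, such as rejecting non-positive dimensions and `(size_t)s->info_imagewidth > SIZE_MAX / sizeof(*s->videopixels) / (size_t)s->info_imageheight`, would close that. Separately, the `+ 10` in `namelen` is a magic number; `strlen(filename) + sizeof(".wav")` states the intent. The enclosing function starts and ends outside the hunk.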
if (i > 0)
{
cbd[i]=0;
- strcat(key_lines[edit_line], cbd);
+ strlcat(key_lines[edit_line], cbd, sizeof(key_lines[edit_line]));
key_linepos += i;
}
Z_Free(cbd);
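Review bot: `key_linepos += i` still advances by the full pasted length even when the `strlcat` on the line above had to truncate, which would leave the cursor index past the terminator of `key_lines[edit_line]`. Unless `i` is already clamped to the remaining space above the hunk (the enclosing block starts outside it), take the advance from what was actually stored, for example `key_linepos = (int)strlen(key_lines[edit_line]);` after the append. Alternatively, clamp `i` against `sizeof(key_lines[edit_line]) - 1 - strlen(key_lines[edit_line])` before `cbd[i]=0`.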
if (keys[j] != -1)
{
if (j > 0)
- strcat(keystring, " or ");
- strcat(keystring, Key_KeynumToString (keys[j]));
+ strlcat(keystring, " or ", sizeof(keystring));
+ strlcat(keystring, Key_KeynumToString (keys[j]), sizeof(keystring));
}
}
}
k = value[i];
value[i] = 0;
strcpy(wadname, "textures/");
- strcat(wadname, &value[j]);
+ strlcat(wadname, &value[j], sizeof(wadname));
W_LoadTextureWadFile(wadname, false);
j = i+1;
if (!k)
M_FindKeysForCommand(cmd, keys);
for(i = 0; i < NUMKEYS; i++)
- ret = strcat(ret, va(" \'%i\'", keys[i]));
+ strlcat(ret, va(" \'%i\'", keys[i]), VM_STRINGTEMP_LENGTH);
PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(ret);
}
switch( field ) {
case SLIF_CNAME:
- strncpy( mask->info.cname, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.cname) );
+ strlcpy( mask->info.cname, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.cname) );
break;
case SLIF_NAME:
- strncpy( mask->info.name, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.name) );
+ strlcpy( mask->info.name, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.name) );
break;
case SLIF_MAP:
- strncpy( mask->info.map, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.map) );
+ strlcpy( mask->info.map, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.map) );
break;
case SLIF_MOD:
- strncpy( mask->info.mod, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.mod) );
+ strlcpy( mask->info.mod, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.mod) );
break;
case SLIF_GAME:
- strncpy( mask->info.game, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.game) );
+ strlcpy( mask->info.game, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.game) );
break;
default:
VM_Warning( "VM_M_setserverlistmaskstring: Bad field number %i passed!\n", field );
l += strlen(b->strings[i]);
if(l>=4095)
break;
- k = strcat(k, b->strings[i]);
- if(!k)
- break;
+ strlcat(k, b->strings[i], VM_STRINGTEMP_LENGTH);
if(sep && (i != b->num_strings-1))
{
l += strlen(sep);
if(l>=4095)
break;
- k = strcat(k, sep);
- if(!k)
- break;
+ strlcat(k, sep, VM_STRINGTEMP_LENGTH);
}
}
PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(k);
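Review bot: The length guard still uses the literal `4095` while the appends are now bounded by `VM_STRINGTEMP_LENGTH`, so the two limits only agree while that constant happens to be 4096 (its value is not visible in this hunk). Tie the guard to the same constant, `if(l >= VM_STRINGTEMP_LENGTH - 1)` in both places, so the early `break` and the strlcat bound cannot drift apart. The loop begins outside the hunk, so whether `k` is known to start empty cannot be confirmed from here.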
tempstring2[sizeof(tempstring2)-1] = 0;
name = tempstring2;
}
- strcat(tempstring, name);
+ strlcat(tempstring, name, sizeof(tempstring));
for (l = strlen(name);l < 14;l++)
- strcat(tempstring, " ");
- strcat(tempstring, " ");
+ strlcat(tempstring, " ", sizeof(tempstring));
+ strlcat(tempstring, " ", sizeof(tempstring));
name = PRVM_ValueString((etype_t)d->type, (prvm_eval_t *)v);
if (strlen(name) > sizeof(tempstring2)-4)
tempstring2[sizeof(tempstring2)-1] = 0;
name = tempstring2;
}
- strcat(tempstring, name);
- strcat(tempstring, "\n");
+ strlcat(tempstring, name, sizeof(tempstring));
+ strlcat(tempstring, "\n", sizeof(tempstring));
if (strlen(tempstring) >= sizeof(tempstring)/2)
{
Con_Print(tempstring);
switch(d->type & ~DEF_SAVEGLOBAL)
{
case ev_string:
- strcat(tempstring, "string ");
+ strlcat(tempstring, "string ", sizeof(tempstring));
break;
case ev_entity:
- strcat(tempstring, "entity ");
+ strlcat(tempstring, "entity ", sizeof(tempstring));
break;
case ev_function:
- strcat(tempstring, "function ");
+ strlcat(tempstring, "function ", sizeof(tempstring));
break;
case ev_field:
- strcat(tempstring, "field ");
+ strlcat(tempstring, "field ", sizeof(tempstring));
break;
case ev_void:
- strcat(tempstring, "void ");
+ strlcat(tempstring, "void ", sizeof(tempstring));
break;
case ev_float:
- strcat(tempstring, "float ");
+ strlcat(tempstring, "float ", sizeof(tempstring));
break;
case ev_vector:
- strcat(tempstring, "vector ");
+ strlcat(tempstring, "vector ", sizeof(tempstring));
break;
case ev_pointer:
- strcat(tempstring, "pointer ");
+ strlcat(tempstring, "pointer ", sizeof(tempstring));
break;
default:
sprintf (tempstring2, "bad type %i ", d->type & ~DEF_SAVEGLOBAL);
- strcat(tempstring, tempstring2);
+ strlcat(tempstring, tempstring2, sizeof(tempstring));
break;
}
if (strlen(name) > sizeof(tempstring2)-4)
tempstring2[sizeof(tempstring2)-1] = 0;
name = tempstring2;
}
- strcat(tempstring, name);
+ strlcat(tempstring, name, sizeof(tempstring));
for (j = (int)strlen(name);j < 25;j++)
- strcat(tempstring, " ");
+ strlcat(tempstring, " ", sizeof(tempstring));
sprintf(tempstring2, "%5d", counts[i]);
- strcat(tempstring, tempstring2);
- strcat(tempstring, "\n");
+ strlcat(tempstring, tempstring2, sizeof(tempstring));
+ strlcat(tempstring, "\n", sizeof(tempstring));
if (strlen(tempstring) >= sizeof(tempstring)/2)
{
Con_Print(tempstring);