From: molivier Date: Sat, 5 Aug 2006 12:31:03 +0000 (+0000) Subject: Removed all calls to strcpy; most of them are now calls to strlcpy or memcpy. X-Git-Tag: xonotic-v0.1.0preview~3839 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=cd7454f9df6b152a24c5a28750041d27023fbc1f;p=xonotic%2Fdarkplaces.git Removed all calls to strcpy; most of them are now calls to strlcpy or memcpy. git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@6544 d7cf8633-e32d-0410-b094-e92efae38249 --- diff --git a/cl_main.c b/cl_main.c index 46cd234e..363bdcee 100644 --- a/cl_main.c +++ b/cl_main.c @@ -442,13 +442,16 @@ static void CL_PrintEntities_f(void) for (i = 0, ent = cl.entities;i < cl.num_entities;i++, ent++) { + const char* modelname; + if (!ent->state_current.active) continue; if (ent->render.model) - strlcpy (name, ent->render.model->name, 25); + modelname = ent->render.model->name; else - strcpy(name, "--no model--"); + modelname = "--no model--"; + strlcpy(name, modelname, 25); for (j = (int)strlen(name);j < 25;j++) name[j] = ' '; Con_Printf("%3i: %s:%4i (%5i %5i %5i) [%3i %3i %3i] %4.2f %5.3f\n", i, name, ent->render.frame, (int) ent->render.matrix.m[0][3], (int) ent->render.matrix.m[1][3], (int) ent->render.matrix.m[2][3], (int) ent->render.angles[0] % 360, (int) ent->render.angles[1] % 360, (int) ent->render.angles[2] % 360, ent->render.scale, ent->render.alpha); diff --git a/cl_parse.c b/cl_parse.c index 18b1e975..a8d6fb6c 100644 --- a/cl_parse.c +++ b/cl_parse.c @@ -2251,7 +2251,7 @@ void CL_ParseServerMessage(void) { char description[32*64], temp[64]; int count; - strcpy(description, "packet dump: "); + strlcpy(description, "packet dump: ", sizeof(description)); i = cmdcount - 32; if (i < 0) i = 0; @@ -2591,7 +2591,7 @@ void CL_ParseServerMessage(void) { char description[32*64], temp[64]; int count; - strcpy (description, "packet dump: "); + strlcpy (description, "packet dump: ", sizeof(description)); i = cmdcount - 32; if (i < 0) i = 0; diff --git a/clvm_cmds.c b/clvm_cmds.c index 64e8025d..4a4dff9f 100644 --- a/clvm_cmds.c +++ b/clvm_cmds.c @@ -1218,7 +1218,7 @@ void VM_CL_getplayerkey (void) t[0] = 0; if(!strcasecmp(c, "name")) - strcpy(t, cl.scores[i].name); + strlcpy(t, cl.scores[i].name, sizeof(t)); else if(!strcasecmp(c, "frags")) sprintf(t, "%i", cl.scores[i].frags); @@ -1243,7 +1243,7 @@ void VM_CL_getplayerkey (void) if(!t[0]) return; temp = VM_GetTempString(); - strcpy(temp, t); + strlcpy(temp, t, VM_STRINGTEMP_LENGTH); PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(temp); } @@ -1268,8 +1268,11 @@ void VM_CL_registercmd (void) VM_SAFEPARMCOUNT(1, VM_CL_registercmd); if(!Cmd_Exists(PRVM_G_STRING(OFS_PARM0))) { - t = (char *)Z_Malloc(strlen(PRVM_G_STRING(OFS_PARM0))+1); - strcpy(t, PRVM_G_STRING(OFS_PARM0)); + size_t alloclen; + + alloclen = strlen(PRVM_G_STRING(OFS_PARM0)) + 1; + t = (char *)Z_Malloc(alloclen); + memcpy(t, PRVM_G_STRING(OFS_PARM0), alloclen); Cmd_AddCommand(t, NULL, "console command created by QuakeC"); } else @@ -1341,7 +1344,7 @@ void VM_CL_ReadString (void) PRVM_G_INT(OFS_RETURN) = 0; if(s) { - strcpy(t, s); + strlcpy(t, s, VM_STRINGTEMP_LENGTH); PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(t); } } diff --git a/cmd.c b/cmd.c index f6741f36..504a88d5 100644 --- a/cmd.c +++ b/cmd.c @@ -401,6 +401,7 @@ static void Cmd_Alias_f (void) char cmd[MAX_INPUTLINE]; int i, c; const char *s; + size_t alloclen; if (Cmd_Argc() == 1) { @@ -456,8 +457,9 @@ static void Cmd_Alias_f (void) } strlcat (cmd, "\n", sizeof (cmd)); - a->value = (char *)Z_Malloc (strlen (cmd) + 1); - strcpy (a->value, cmd); + alloclen = strlen (cmd) + 1; + a->value = (char *)Z_Malloc (alloclen); + memcpy (a->value, cmd, alloclen); } /* @@ -772,7 +774,7 @@ static void Cmd_TokenizeString (const char *text) Con_Printf("Cmd_TokenizeString: ran out of %i character buffer space for command arguements\n", CMD_TOKENIZELENGTH); break; } - strcpy (cmd_tokenizebuffer + cmd_tokenizebufferpos, com_token); + memcpy (cmd_tokenizebuffer + cmd_tokenizebufferpos, com_token, l); cmd_argv[cmd_argc] = cmd_tokenizebuffer + cmd_tokenizebufferpos; cmd_tokenizebufferpos += l; cmd_argc++; diff --git a/common.c b/common.c index 9e5d4259..739fe4a0 100644 --- a/common.c +++ b/common.c @@ -1416,7 +1416,7 @@ void InfoString_SetValue(char *buffer, size_t bufferlength, const char *key, con else { // just remove the key from the text - strcpy(buffer + pos, buffer + pos2); + strlcpy(buffer + pos, buffer + pos2, bufferlength - pos); } } diff --git a/common.h b/common.h index 1306776e..1cfcfd44 100644 --- a/common.h +++ b/common.h @@ -229,9 +229,9 @@ extern int dpsnprintf (char *buffer, size_t buffersize, const char *format, ...) extern int dpvsnprintf (char *buffer, size_t buffersize, const char *format, va_list args); // A bunch of functions are forbidden for security reasons (and also to please MSVS 2005, for some of them) -#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT +#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT_OR_MEMCPY #define strncat DO_NOT_USE_STRNCAT__USE_STRLCAT_OR_MEMCPY -//#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY +#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY_OR_MEMCPY #define strncpy DO_NOT_USE_STRNCPY__USE_STRLCPY_OR_MEMCPY //#define sprintf DO_NOT_USE_SPRINTF__USE_DPSNPRINTF diff --git a/console.c b/console.c index c244706d..dad21399 100644 --- a/console.c +++ b/console.c @@ -705,7 +705,8 @@ void Con_DrawInput (void) if (!key_consoleactive) return; // don't draw anything - text = strcpy(editlinecopy, key_lines[edit_line]); + strlcpy(editlinecopy, key_lines[edit_line], sizeof(editlinecopy)); + text = editlinecopy; // Advanced Console Editing by Radix radix@planetquake.com // Added/Modified by EvilTypeGuy eviltypeguy@qeradiant.com @@ -818,7 +819,7 @@ void Con_DrawNotify (void) while ((int)strlen(temptext) >= con_linewidth) { DrawQ_ColoredString( 0, v, temptext, con_linewidth, con_textsize.value, con_textsize.value, 1.0, 1.0, 1.0, 1.0, 0, &colorindex ); - strcpy(temptext, &temptext[con_linewidth]); + strlcpy(temptext, &temptext[con_linewidth], sizeof(temptext)); v += con_textsize.value; } if (strlen(temptext) > 0) @@ -918,7 +919,7 @@ qboolean GetMapList (const char *s, char *completedname, int completednamebuffer const char *data = NULL; char keyname[64]; char entfilename[MAX_QPATH]; - strcpy(message, "^1**ERROR**^7"); + strlcpy(message, "^1**ERROR**^7", sizeof(message)); p = 0; f = FS_Open(t->filenames[i], "rb", true, false); if(f) @@ -960,7 +961,7 @@ qboolean GetMapList (const char *s, char *completedname, int completednamebuffer else p = 0; strlcpy(entfilename, t->filenames[i], sizeof(entfilename)); - strcpy(entfilename + strlen(entfilename) - 4, ".ent"); + memcpy(entfilename + strlen(entfilename) - 4, ".ent", 5); entities = (char *)FS_LoadFile(entfilename, tempmempool, true, NULL); if (!entities && lumplen >= 10) { @@ -1008,12 +1009,12 @@ qboolean GetMapList (const char *s, char *completedname, int completednamebuffer *(t->filenames[i]+len[i]+5) = 0; switch(p) { - case Q3BSPVERSION: strcpy((char *)buf, "Q3");break; - case Q2BSPVERSION: strcpy((char *)buf, "Q2");break; - case BSPVERSION: strcpy((char *)buf, "Q1");break; - case MCBSPVERSION: strcpy((char *)buf, "MC");break; - case 30: strcpy((char *)buf, "HL");break; - default: strcpy((char *)buf, "??");break; + case Q3BSPVERSION: strlcpy((char *)buf, "Q3", sizeof(buf));break; + case Q2BSPVERSION: strlcpy((char *)buf, "Q2", sizeof(buf));break; + case BSPVERSION: strlcpy((char *)buf, "Q1", sizeof(buf));break; + case MCBSPVERSION: strlcpy((char *)buf, "MC", sizeof(buf));break; + case 30: strlcpy((char *)buf, "HL", sizeof(buf));break; + default: strlcpy((char *)buf, "??", sizeof(buf));break; } Con_Printf("%16s (%s) %s\n", t->filenames[i]+5, buf, message); } @@ -1161,7 +1162,7 @@ void Con_CompleteCommandLine (void) if (!(c + v + a)) // No possible matches { if(s2[0]) - strcpy(&key_lines[edit_line][key_linepos], s2); + strlcpy(&key_lines[edit_line][key_linepos], s2, sizeof(key_lines[edit_line]) - key_linepos); return; } diff --git a/cvar.c b/cvar.c index fb08b237..6767ea61 100644 --- a/cvar.c +++ b/cvar.c @@ -215,6 +215,7 @@ Cvar_Set void Cvar_SetQuick_Internal (cvar_t *var, const char *value) { qboolean changed; + size_t valuelen; changed = strcmp(var->string, value); // LordHavoc: don't reallocate when there is no change @@ -222,13 +223,14 @@ void Cvar_SetQuick_Internal (cvar_t *var, const char *value) return; // LordHavoc: don't reallocate when the buffer is the same size - if (!var->string || strlen(var->string) != strlen(value)) + valuelen = strlen(value); + if (!var->string || strlen(var->string) != valuelen) { Z_Free (var->string); // free the old value string - var->string = (char *)Z_Malloc (strlen(value)+1); + var->string = (char *)Z_Malloc (valuelen + 1); } - strcpy (var->string, value); + memcpy (var->string, value, valuelen + 1); var->value = atof (var->string); var->integer = (int) var->value; if ((var->flags & CVAR_NOTIFY) && changed && sv.active) @@ -315,6 +317,7 @@ void Cvar_RegisterVariable (cvar_t *variable) int hashindex; cvar_t *current, *next, *cvar; char *oldstr; + size_t alloclen; if (developer.integer >= 100) Con_Printf("Cvar_RegisterVariable({\"%s\", \"%s\", %i});\n", variable->name, variable->string, variable->flags); @@ -371,10 +374,11 @@ void Cvar_RegisterVariable (cvar_t *variable) // copy the value off, because future sets will Z_Free it oldstr = variable->string; - variable->string = (char *)Z_Malloc (strlen(variable->string)+1); - strcpy (variable->string, oldstr); - variable->defstring = (char *)Z_Malloc (strlen(variable->string)+1); - strcpy (variable->defstring, oldstr); + alloclen = strlen(variable->string) + 1; + variable->string = (char *)Z_Malloc (alloclen); + memcpy (variable->string, oldstr, alloclen); + variable->defstring = (char *)Z_Malloc (alloclen); + memcpy (variable->defstring, oldstr, alloclen); variable->value = atof (variable->string); variable->integer = (int) variable->value; @@ -406,6 +410,7 @@ cvar_t *Cvar_Get (const char *name, const char *value, int flags) { int hashindex; cvar_t *current, *next, *cvar; + size_t alloclen; if (developer.integer >= 100) Con_Printf("Cvar_Get(\"%s\", \"%s\", %i);\n", name, value, flags); @@ -427,15 +432,18 @@ cvar_t *Cvar_Get (const char *name, const char *value, int flags) } // allocate a new cvar, cvar name, and cvar string +// TODO: factorize the following code with the one at the end of Cvar_RegisterVariable() // FIXME: these never get Z_Free'd cvar = (cvar_t *)Z_Malloc(sizeof(cvar_t)); cvar->flags = flags | CVAR_ALLOCATED; - cvar->name = (char *)Z_Malloc(strlen(name)+1); - strcpy(cvar->name, name); - cvar->string = (char *)Z_Malloc(strlen(value)+1); - strcpy(cvar->string, value); - cvar->defstring = (char *)Z_Malloc(strlen(value)+1); - strcpy(cvar->defstring, value); + alloclen = strlen(name) + 1; + cvar->name = (char *)Z_Malloc(alloclen); + memcpy(cvar->name, name, alloclen); + alloclen = strlen(value) + 1; + cvar->string = (char *)Z_Malloc(alloclen); + memcpy(cvar->string, value, alloclen); + cvar->defstring = (char *)Z_Malloc(alloclen); + memcpy(cvar->defstring, value, alloclen); cvar->value = atof (cvar->string); cvar->integer = (int) cvar->value; cvar->description = "custom cvar"; @@ -505,11 +513,14 @@ void Cvar_LockDefaults_f (void) { if (!(var->flags & CVAR_DEFAULTSET)) { + size_t alloclen; + //Con_Printf("locking cvar %s (%s -> %s)\n", var->name, var->string, var->defstring); var->flags |= CVAR_DEFAULTSET; Z_Free(var->defstring); - var->defstring = (char *)Z_Malloc(strlen(var->string) + 1); - strcpy(var->defstring, var->string); + alloclen = strlen(var->string) + 1; + var->defstring = (char *)Z_Malloc(alloclen); + memcpy(var->defstring, var->string, alloclen); } } } diff --git a/dpvsimpledecode.c b/dpvsimpledecode.c index 28536526..7519c3f6 100644 --- a/dpvsimpledecode.c +++ b/dpvsimpledecode.c @@ -333,30 +333,6 @@ static int dpvsimpledecode_setpixelformat(dpvsimpledecodestream_t *s, unsigned i // opening and closing streams -static void StripExtension(char *in, char *out) -{ - char *dot, *c; - dot = NULL; - for (c = in;*c;c++) - { - if (*c == ':' || *c == '\\' || *c == '/') - dot = NULL; - if (*c == '.') - dot = c; - } - if (dot == NULL) - { - // nothing to remove - strcpy(out, in); - return; - } - else - { - memcpy(out, in, dot - in); - out[dot - in] = 0; - } -} - // opens a stream void *dpvsimpledecode_open(char *filename, char **errorstring) { @@ -400,7 +376,7 @@ void *dpvsimpledecode_open(char *filename, char **errorstring) { sfx_t* sfx; - StripExtension(filename, wavename); + FS_StripExtension(filename, wavename, namelen); strlcat(wavename, ".wav", namelen); sfx = S_PrecacheSound (wavename, false, false); if (sfx != NULL) diff --git a/filematch.c b/filematch.c index f6d85790..0837136f 100644 --- a/filematch.c +++ b/filematch.c @@ -61,10 +61,13 @@ int matchpattern(const char *in, const char *pattern, int caseinsensitive) stringlist_t *stringlistappend(stringlist_t *current, char *text) { stringlist_t *newitem; - newitem = (stringlist_t *)Z_Malloc(strlen(text) + 1 + sizeof(stringlist_t)); + size_t textlen; + + textlen = strlen(text) + 1; + newitem = (stringlist_t *)Z_Malloc(textlen + sizeof(stringlist_t)); newitem->next = NULL; newitem->text = (char *)(newitem + 1); - strcpy(newitem->text, text); + memcpy(newitem->text, text, textlen); if (current) current->next = newitem; return newitem; diff --git a/fs.c b/fs.c index 3aab0537..ede2caa8 100644 --- a/fs.c +++ b/fs.c @@ -1061,13 +1061,13 @@ void FS_Init (void) fs_mempool = Mem_AllocPool("file management", 0, NULL); - strcpy(fs_gamedir, ""); + strlcpy(fs_gamedir, "", sizeof(fs_gamedir)); // If the base directory is explicitly defined by the compilation process #ifdef DP_FS_BASEDIR - strcpy(fs_basedir, DP_FS_BASEDIR); + strlcpy(fs_basedir, DP_FS_BASEDIR, sizeof(fs_basedir)); #else - strcpy(fs_basedir, ""); + strlcpy(fs_basedir, "", sizeof(fs_basedir)); #ifdef MACOSX // FIXME: is there a better way to find the directory outside the .app? @@ -2073,17 +2073,19 @@ FS_StripExtension void FS_StripExtension (const char *in, char *out, size_t size_out) { char *last = NULL; + char currentchar; if (size_out == 0) return; - while (*in && size_out > 1) + while ((currentchar = *in) && size_out > 1) { - if (*in == '.') + if (currentchar == '.') last = out; - else if (*in == '/' || *in == '\\' || *in == ':') + else if (currentchar == '/' || currentchar == '\\' || currentchar == ':') last = NULL; - *out++ = *in++; + *out++ = currentchar; + in++; size_out--; } if (last) @@ -2221,7 +2223,7 @@ fssearch_t *FS_Search(const char *pattern, int caseinsensitive, int quiet) pak = searchpath->pack; for (i = 0;i < pak->numfiles;i++) { - strcpy(temp, pak->files[i].name); + strlcpy(temp, pak->files[i].name, sizeof(temp)); while (temp[0]) { if (matchpattern(temp, (char *)pattern, true)) @@ -2301,10 +2303,12 @@ fssearch_t *FS_Search(const char *pattern, int caseinsensitive, int quiet) numchars = 0; for (listtemp = liststart;listtemp;listtemp = listtemp->next) { + size_t textlen; search->filenames[numfiles] = search->filenamesbuffer + numchars; - strcpy(search->filenames[numfiles], listtemp->text); + textlen = strlen(listtemp->text) + 1; + memcpy(search->filenames[numfiles], listtemp->text, textlen); numfiles++; - numchars += (int)strlen(listtemp->text) + 1; + numchars += (int)textlen; } if (liststart) stringlistfree(liststart); diff --git a/gl_draw.c b/gl_draw.c index 2a6368e5..17f1224e 100644 --- a/gl_draw.c +++ b/gl_draw.c @@ -458,7 +458,7 @@ cachepic_t *Draw_NewPic(const char *picname, int width, int height, int alpha, u return cachepics; // return the first one } pic = cachepics + (numcachepics++); - strcpy (pic->name, picname); + strlcpy (pic->name, picname, sizeof(pic->name)); // link into list pic->chain = cachepichash[hashkey]; cachepichash[hashkey] = pic; diff --git a/gl_rmain.c b/gl_rmain.c index f760fa9d..02898d9d 100644 --- a/gl_rmain.c +++ b/gl_rmain.c @@ -966,7 +966,7 @@ void gl_main_newmap(void) l = (int)strlen(entname) - 4; if (l >= 0 && !strcmp(entname + l, ".bsp")) { - strcpy(entname + l, ".ent"); + memcpy(entname + l, ".ent", 5); if ((entities = (char *)FS_LoadFile(entname, tempmempool, true, NULL))) { CL_ParseEntityLump(entities); diff --git a/host.c b/host.c index 23f1a5ec..15ffddc9 100644 --- a/host.c +++ b/host.c @@ -132,7 +132,7 @@ void Host_Error (const char *error, ...) Sys_Error ("Host_Error: recursively entered (original error was: %s new error is: %s)", hosterrorstring2, hosterrorstring1); hosterror = true; - strcpy(hosterrorstring2, hosterrorstring1); + strlcpy(hosterrorstring2, hosterrorstring1, sizeof(hosterrorstring2)); CL_Parse_DumpPacket(); diff --git a/host_cmd.c b/host_cmd.c index f23c658d..408592e2 100644 --- a/host_cmd.c +++ b/host_cmd.c @@ -292,7 +292,7 @@ void Host_Map_f (void) svs.serverflags = 0; // haven't completed an episode yet allowcheats = sv_cheats.integer != 0; - strcpy(level, Cmd_Argv(1)); + strlcpy(level, Cmd_Argv(1), sizeof(level)); SV_SpawnServer(level); if (sv.active && cls.state == ca_disconnected) CL_EstablishConnection("local:1"); @@ -352,7 +352,7 @@ void Host_Changelevel_f (void) SV_SaveSpawnparms (); SV_VM_End(); allowcheats = sv_cheats.integer != 0; - strcpy(level, Cmd_Argv(1)); + strlcpy(level, Cmd_Argv(1), sizeof(level)); SV_SpawnServer(level); if (sv.active && cls.state == ca_disconnected) CL_EstablishConnection("local:1"); @@ -386,7 +386,7 @@ void Host_Restart_f (void) key_dest = key_game; allowcheats = sv_cheats.integer != 0; - strcpy(mapname, sv.name); + strlcpy(mapname, sv.name, sizeof(mapname)); SV_SpawnServer(mapname); if (sv.active && cls.state == ca_disconnected) CL_EstablishConnection("local:1"); @@ -628,7 +628,7 @@ void Host_Loadgame_f (void) return; } - strcpy (filename, Cmd_Argv(1)); + strlcpy (filename, Cmd_Argv(1), sizeof(filename)); FS_DefaultExtension (filename, ".sav", sizeof (filename)); Con_Printf("Loading game from %s...\n", filename); @@ -670,7 +670,7 @@ void Host_Loadgame_f (void) // mapname COM_ParseTokenConsole(&t); - strcpy (mapname, com_token); + strlcpy (mapname, com_token, sizeof(mapname)); // time COM_ParseTokenConsole(&t); @@ -835,7 +835,7 @@ void Host_Name_f (void) { if (host_client->spawned) SV_BroadcastPrintf("%s changed name to %s\n", host_client->old_name, host_client->name); - strcpy(host_client->old_name, host_client->name); + strlcpy(host_client->old_name, host_client->name, sizeof(host_client->old_name)); // send notification to all clients MSG_WriteByte (&sv.reliable_datagram, svc_updatename); MSG_WriteByte (&sv.reliable_datagram, host_client - svs.clients); @@ -894,7 +894,7 @@ void Host_Playermodel_f (void) PRVM_GETEDICTFIELDVALUE(host_client->edict, eval_playermodel)->string = PRVM_SetEngineString(host_client->playermodel); if (strcmp(host_client->old_model, host_client->playermodel)) { - strcpy(host_client->old_model, host_client->playermodel); + strlcpy(host_client->old_model, host_client->playermodel, sizeof(host_client->old_model)); /*// send notification to all clients MSG_WriteByte (&sv.reliable_datagram, svc_updatepmodel); MSG_WriteByte (&sv.reliable_datagram, host_client - svs.clients); @@ -954,7 +954,7 @@ void Host_Playerskin_f (void) { //if (host_client->spawned) // SV_BroadcastPrintf("%s changed skin to %s\n", host_client->name, host_client->playerskin); - strcpy(host_client->old_skin, host_client->playerskin); + strlcpy(host_client->old_skin, host_client->playerskin, sizeof(host_client->old_skin)); /*// send notification to all clients MSG_WriteByte (&sv.reliable_datagram, svc_updatepskin); MSG_WriteByte (&sv.reliable_datagram, host_client - svs.clients); diff --git a/image.c b/image.c index 353a4b5d..3fad1afb 100644 --- a/image.c +++ b/image.c @@ -762,9 +762,13 @@ unsigned char *LoadWAL (const unsigned char *f, int filesize, int matchwidth, in } -void Image_StripImageExtension (const char *in, char *out) +static void Image_StripImageExtension (const char *in, char *out, size_t size_out) { const char *end, *temp; + + if (size_out == 0) + return; + end = in + strlen(in); if ((end - in) >= 4) { @@ -775,12 +779,15 @@ void Image_StripImageExtension (const char *in, char *out) || strcmp(temp, ".png") == 0 || strcmp(temp, ".jpg") == 0) end = temp; - while (in < end) + while (in < end && size_out > 1) + { *out++ = *in++; + size_out--; + } *out++ = 0; } else - strcpy(out, in); + strlcpy(out, in, size_out); } typedef struct imageformat_s @@ -853,8 +860,7 @@ unsigned char *loadimagepixels (const char *filename, qboolean complain, int mat Mem_CheckSentinelsGlobal(); if (developer_texturelogging.integer) Log_Printf("textures.log", "%s\n", filename); - strlcpy(basename, filename, sizeof(basename)); - Image_StripImageExtension(basename, basename); // strip filename extensions to allow replacement by other types + Image_StripImageExtension(filename, basename, sizeof(basename)); // strip filename extensions to allow replacement by other types // replace *'s with #, so commandline utils don't get confused when dealing with the external files for (c = basename;*c;c++) if (*c == '*') @@ -1558,8 +1564,7 @@ int image_loadskin(imageskin_t *s, const char *shadername) unsigned char *bumppixels; int bumppixels_width, bumppixels_height; char name[MAX_QPATH]; - strlcpy(name, shadername, sizeof(name)); - Image_StripImageExtension(name, name); + Image_StripImageExtension(shadername, name, sizeof(name)); memset(s, 0, sizeof(*s)); s->basepixels = loadimagepixels(name, false, 0, 0); if (s->basepixels == NULL) diff --git a/keys.c b/keys.c index e1831c7c..0f40462a 100644 --- a/keys.c +++ b/keys.c @@ -358,7 +358,7 @@ Key_Console (int key, char ascii) { if (key_linepos > 1) { - strcpy(key_lines[edit_line] + key_linepos - 1, key_lines[edit_line] + key_linepos); + strlcpy(key_lines[edit_line] + key_linepos - 1, key_lines[edit_line] + key_linepos, sizeof(key_lines[edit_line]) + 1 - key_linepos); key_linepos--; } return; @@ -367,8 +367,10 @@ Key_Console (int key, char ascii) // delete char on cursor if (key == K_DEL || key == K_KP_DEL) { - if (key_linepos < (int)strlen(key_lines[edit_line])) - strcpy(key_lines[edit_line] + key_linepos, key_lines[edit_line] + key_linepos + 1); + size_t linelen; + linelen = strlen(key_lines[edit_line]); + if (key_linepos < (int)linelen) + memmove(key_lines[edit_line] + key_linepos, key_lines[edit_line] + key_linepos + 1, linelen - key_linepos); return; } @@ -410,9 +412,11 @@ Key_Console (int key, char ascii) { if (history_line > 0 && key_lines[history_line-1][1]) { + size_t linelen; history_line--; - strcpy(key_lines[edit_line], key_lines[history_line]); - key_linepos = (int)strlen(key_lines[edit_line]); + linelen = strlen(key_lines[edit_line]); + memcpy(key_lines[edit_line], key_lines[history_line], linelen + 1); + key_linepos = (int)linelen; } return; } @@ -429,8 +433,10 @@ Key_Console (int key, char ascii) } else { - strcpy(key_lines[edit_line], key_lines[history_line]); - key_linepos = (int)strlen(key_lines[edit_line]); + size_t linelen; + linelen = strlen(key_lines[edit_line]); + memcpy(key_lines[edit_line], key_lines[history_line], linelen + 1); + key_linepos = (int)linelen; } return; } @@ -607,7 +613,7 @@ Key_SetBinding (int keynum, int bindmap, const char *binding) // allocate memory for new binding l = strlen (binding); newbinding = (char *)Z_Malloc (l + 1); - strcpy (newbinding, binding); + memcpy (newbinding, binding, l + 1); newbinding[l] = 0; keybindings[bindmap][keynum] = newbinding; } diff --git a/lhnet.c b/lhnet.c index 67ccc9a7..4099ac68 100644 --- a/lhnet.c +++ b/lhnet.c @@ -252,7 +252,7 @@ int LHNETADDRESS_ToString(const lhnetaddress_t *address, char *string, int strin { if (stringbuffersize >= 6) { - strcpy(string, "local"); + memcpy(string, "local", 6); return 1; } } diff --git a/menu.c b/menu.c index bbe88699..e970291b 100644 --- a/menu.c +++ b/menu.c @@ -880,7 +880,7 @@ static void M_ScanSaves (void) for (i=0 ; i> 4; setup_bottom = setup_oldbottom = cl_color.integer & 15; setup_rate = cl_rate.integer; @@ -2647,7 +2647,7 @@ static void M_Keys_Draw (void) // LordHavoc: redesigned to print more than 2 keys, inspired by Tomaz's MiniRacer if (keys[0] == -1) - strcpy(keystring, "???"); + strlcpy(keystring, "???", sizeof(keystring)); else { keystring[0] = 0; diff --git a/model_alias.c b/model_alias.c index df2d5c03..d1cf3c91 100644 --- a/model_alias.c +++ b/model_alias.c @@ -557,7 +557,7 @@ static void Mod_MDL_LoadFrames (unsigned char* datapointer, int inverts, int *ve // get scene name from first frame pinframe = (daliasframe_t *)datapointer; - strcpy(scene->name, pinframe->name); + strlcpy(scene->name, pinframe->name, sizeof(scene->name)); scene->firstframe = pose; scene->framecount = groupframes; scene->framerate = 1.0f / interval; @@ -930,7 +930,7 @@ void Mod_IDP0_Load(model_t *mod, void *buffer, void *bufferend) // store the info about the new skin Mod_BuildAliasSkinFromSkinFrame(loadmodel->data_textures + totalskins * loadmodel->num_surfaces, &tempskinframe); - strcpy(loadmodel->skinscenes[loadmodel->numskins].name, name); + strlcpy(loadmodel->skinscenes[loadmodel->numskins].name, name, sizeof(loadmodel->skinscenes[loadmodel->numskins].name)); loadmodel->skinscenes[loadmodel->numskins].firstframe = totalskins; loadmodel->skinscenes[loadmodel->numskins].framecount = 1; loadmodel->skinscenes[loadmodel->numskins].framerate = 10.0f; @@ -1165,7 +1165,7 @@ void Mod_IDP2_Load(model_t *mod, void *buffer, void *bufferend) out[k] = v[vertremap[k]]; datapointer += numxyz * sizeof(trivertx_t); - strcpy(loadmodel->animscenes[i].name, pinframe->name); + strlcpy(loadmodel->animscenes[i].name, pinframe->name, sizeof(loadmodel->animscenes[i].name)); loadmodel->animscenes[i].firstframe = i; loadmodel->animscenes[i].framecount = 1; loadmodel->animscenes[i].framerate = 10; @@ -1240,7 +1240,7 @@ void Mod_IDP3_Load(model_t *mod, void *buffer, void *bufferend) loadmodel->animscenes = (animscene_t *)Mem_Alloc(loadmodel->mempool, loadmodel->numframes * sizeof(animscene_t)); for (i = 0, pinframe = (md3frameinfo_t *)((unsigned char *)pinmodel + LittleLong(pinmodel->lump_frameinfo));i < loadmodel->numframes;i++, pinframe++) { - strcpy(loadmodel->animscenes[i].name, pinframe->name); + strlcpy(loadmodel->animscenes[i].name, pinframe->name, sizeof(loadmodel->animscenes[i].name)); loadmodel->animscenes[i].firstframe = i; loadmodel->animscenes[i].framecount = 1; loadmodel->animscenes[i].framerate = 10; @@ -1253,7 +1253,7 @@ void Mod_IDP3_Load(model_t *mod, void *buffer, void *bufferend) loadmodel->data_tags = (aliastag_t *)Mem_Alloc(loadmodel->mempool, loadmodel->num_tagframes * loadmodel->num_tags * sizeof(aliastag_t)); for (i = 0, pintag = (md3tag_t *)((unsigned char *)pinmodel + LittleLong(pinmodel->lump_tags));i < loadmodel->num_tagframes * loadmodel->num_tags;i++, pintag++) { - strcpy(loadmodel->data_tags[i].name, pintag->name); + strlcpy(loadmodel->data_tags[i].name, pintag->name, sizeof(loadmodel->data_tags[i].name)); loadmodel->data_tags[i].matrix = identitymatrix; for (j = 0;j < 3;j++) { diff --git a/model_brush.c b/model_brush.c index 210caf5e..f860198c 100644 --- a/model_brush.c +++ b/model_brush.c @@ -1256,7 +1256,7 @@ static void Mod_Q1BSP_LoadTextures(lump_t *l) // fill out all slots with notexture for (i = 0, tx = loadmodel->data_textures;i < loadmodel->num_textures;i++, tx++) { - strcpy(tx->name, "NO TEXTURE FOUND"); + strlcpy(tx->name, "NO TEXTURE FOUND", sizeof(tx->name)); tx->width = 16; tx->height = 16; tx->skin.base = r_texture_notexture; @@ -1323,7 +1323,7 @@ static void Mod_Q1BSP_LoadTextures(lump_t *l) name[j] += 'a' - 'A'; tx = loadmodel->data_textures + i; - strcpy(tx->name, name); + strlcpy(tx->name, name, sizeof(tx->name)); tx->width = mtwidth; tx->height = mtheight; @@ -1650,9 +1650,9 @@ static void Mod_Q1BSP_ParseWadsFromEntityLump(const char *data) if (com_token[0] == '}') break; // end of worldspawn if (com_token[0] == '_') - strcpy(key, com_token + 1); + strlcpy(key, com_token + 1, sizeof(key)); else - strcpy(key, com_token); + strlcpy(key, com_token, sizeof(key)); while (key[strlen(key)-1] == ' ') // remove trailing spaces key[strlen(key)-1] = 0; if (!COM_ParseTokenConsole(&data)) @@ -1677,7 +1677,7 @@ static void Mod_Q1BSP_ParseWadsFromEntityLump(const char *data) { k = value[i]; value[i] = 0; - strcpy(wadname, "textures/"); + strlcpy(wadname, "textures/", sizeof(wadname)); strlcat(wadname, &value[j], sizeof(wadname)); W_LoadTextureWadFile(wadname, false); j = i+1; @@ -3349,7 +3349,7 @@ void Mod_Q1BSP_Load(model_t *mod, void *buffer, void *bufferend) // copy the base model to this one *mod = *loadmodel; // rename the clone back to its proper name - strcpy(mod->name, name); + strlcpy(mod->name, name, sizeof(mod->name)); // textures and memory belong to the main model mod->texturepool = NULL; mod->mempool = NULL; @@ -3919,14 +3919,14 @@ static void Mod_Q3BSP_LoadEntities(lump_t *l) if (com_token[0] == '}') break; // end of worldspawn if (com_token[0] == '_') - strcpy(key, com_token + 1); + strlcpy(key, com_token + 1, sizeof(key)); else - strcpy(key, com_token); + strlcpy(key, com_token, sizeof(key)); while (key[strlen(key)-1] == ' ') // remove trailing spaces key[strlen(key)-1] = 0; if (!COM_ParseTokenConsole(&data)) break; // error - strcpy(value, com_token); + strlcpy(value, com_token, sizeof(value)); if (!strcmp("gridsize", key)) { if (sscanf(value, "%f %f %f", &v[0], &v[1], &v[2]) == 3 && v[0] != 0 && v[1] != 0 && v[2] != 0) @@ -5756,7 +5756,7 @@ void Mod_Q3BSP_Load(model_t *mod, void *buffer, void *bufferend) sprintf(name, "*%i", i); mod = Mod_FindName(name); *mod = *loadmodel; - strcpy(mod->name, name); + strlcpy(mod->name, name, sizeof(mod->name)); // textures and memory belong to the main model mod->texturepool = NULL; mod->mempool = NULL; diff --git a/model_shared.c b/model_shared.c index d40b0c04..920d85e5 100644 --- a/model_shared.c +++ b/model_shared.c @@ -118,7 +118,7 @@ void Mod_UnloadModel (model_t *mod) char name[MAX_QPATH]; qboolean isworldmodel; qboolean used; - strcpy(name, mod->name); + strlcpy(name, mod->name, sizeof(name)); isworldmodel = mod->isworldmodel; used = mod->used; // free textures/memory attached to the model @@ -127,7 +127,7 @@ void Mod_UnloadModel (model_t *mod) // clear the struct to make it available memset(mod, 0, sizeof(model_t)); // restore the fields we want to preserve - strcpy(mod->name, name); + strlcpy(mod->name, name, sizeof(mod->name)); mod->isworldmodel = isworldmodel; mod->used = used; mod->loaded = false; @@ -323,7 +323,7 @@ model_t *Mod_FindName(const char *name) if (mod_numknown == i) mod_numknown++; mod = mod_known + i; - strcpy (mod->name, name); + strlcpy (mod->name, name, sizeof(mod->name)); mod->loaded = false; mod->used = true; return mod; diff --git a/prvm_cmds.c b/prvm_cmds.c index c644fa05..811cdf67 100644 --- a/prvm_cmds.c +++ b/prvm_cmds.c @@ -535,7 +535,7 @@ void VM_cvar_string(void) cvar_string = Cvar_VariableString(name); - strcpy(out, cvar_string); + strlcpy(out, cvar_string, VM_STRINGTEMP_LENGTH); PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(out); } @@ -566,7 +566,7 @@ void VM_cvar_defstring (void) cvar_string = Cvar_VariableDefString(name); - strcpy(out, cvar_string); + strlcpy(out, cvar_string, VM_STRINGTEMP_LENGTH); PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(out); } @@ -1819,12 +1819,14 @@ void VM_strzone(void) { char *out; char string[VM_STRINGTEMP_LENGTH]; + size_t alloclen; VM_SAFEPARMCOUNT(1,VM_strzone); VM_VarString(0, string, sizeof(string)); - PRVM_G_INT(OFS_RETURN) = PRVM_AllocString(strlen(string) + 1, &out); - strcpy(out, string); + alloclen = strlen(string) + 1; + PRVM_G_INT(OFS_RETURN) = PRVM_AllocString(alloclen, &out); + memcpy(out, string, alloclen); } /* @@ -1896,13 +1898,15 @@ void VM_tokenize (void) pos = 0; while(COM_ParseToken(&p, false)) { + size_t tokenlen; if (num_tokens >= (int)(sizeof(tokens)/sizeof(tokens[0]))) break; - if (pos + strlen(com_token) + 1 > sizeof(tokenbuf)) + tokenlen = strlen(com_token) + 1; + if (pos + tokenlen > sizeof(tokenbuf)) break; tokens[num_tokens++] = tokenbuf + pos; - strcpy(tokenbuf + pos, com_token); - pos += strlen(com_token) + 1; + memcpy(tokenbuf + pos, com_token, tokenlen); + pos += tokenlen; } PRVM_G_FLOAT(OFS_RETURN) = num_tokens; @@ -2309,7 +2313,7 @@ void VM_search_getfilename(void) } tmp = VM_GetTempString(); - strcpy(tmp, VM_SEARCHLIST[handle]->filenames[filenum]); + strlcpy(tmp, VM_SEARCHLIST[handle]->filenames[filenum], VM_STRINGTEMP_LENGTH); PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(tmp); } @@ -2663,7 +2667,7 @@ void VM_keynumtostring (void) tmp = VM_GetTempString(); - strcpy(tmp, Key_KeynumToString(keynum)); + strlcpy(tmp, Key_KeynumToString(keynum), VM_STRINGTEMP_LENGTH); PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(tmp); } @@ -3283,7 +3287,7 @@ void VM_altstr_set( void ) return; } - strcpy( out, in ); + strlcpy(out, in, VM_STRINGTEMP_LENGTH); PRVM_G_INT( OFS_RETURN ) = PRVM_SetEngineString( outstr ); } @@ -3322,7 +3326,7 @@ void VM_altstr_ins(void) for( ; *set ; *out++ = *set++ ); *out++ = '\''; - strcpy( out, in ); + strlcpy(out, in, VM_STRINGTEMP_LENGTH); PRVM_G_INT( OFS_RETURN ) = PRVM_SetEngineString( outstr ); } @@ -3527,13 +3531,15 @@ void VM_buf_copy (void) for(i=0;inum_strings;i++) if(b1->strings[i] && b1->strings[i][0]) { - b2->strings[i] = (char *)Z_Malloc(strlen(b1->strings[i])+1); + size_t stringlen; + stringlen = strlen(b1->strings[i]) + 1; + b2->strings[i] = (char *)Z_Malloc(stringlen); if(!b2->strings[i]) { VM_Warning("VM_buf_copy: not enough memory for buffer %i used in %s\n", (int)PRVM_G_FLOAT(OFS_PARM1), PRVM_NAME); break; } - strcpy(b2->strings[i], b1->strings[i]); + memcpy(b2->strings[i], b1->strings[i], stringlen); } } @@ -3677,6 +3683,7 @@ void VM_bufstr_set (void) int bufindex, strindex; qcstrbuffer_t *b; const char *news; + size_t alloclen; VM_SAFEPARMCOUNT(3, VM_bufstr_set); @@ -3701,8 +3708,9 @@ void VM_bufstr_set (void) } if(b->strings[strindex]) Z_Free(b->strings[strindex]); - b->strings[strindex] = (char *)Z_Malloc(strlen(news)+1); - strcpy(b->strings[strindex], news); + alloclen = strlen(news) + 1; + b->strings[strindex] = (char *)Z_Malloc(alloclen); + memcpy(b->strings[strindex], news, alloclen); } /* @@ -3718,6 +3726,7 @@ void VM_bufstr_add (void) int bufindex, order, strindex; qcstrbuffer_t *b; const char *string; + size_t alloclen; VM_SAFEPARMCOUNT(3, VM_bufstr_add); @@ -3761,8 +3770,9 @@ void VM_bufstr_add (void) } if(b->strings[strindex]) Z_Free(b->strings[strindex]); - b->strings[strindex] = (char *)Z_Malloc(strlen(string)+1); - strcpy(b->strings[strindex], string); + alloclen = strlen(string) + 1; + b->strings[strindex] = (char *)Z_Malloc(alloclen); + memcpy(b->strings[strindex], string, alloclen); PRVM_G_FLOAT(OFS_RETURN) = strindex; } diff --git a/prvm_edict.c b/prvm_edict.c index cde64645..98b1b982 100644 --- a/prvm_edict.c +++ b/prvm_edict.c @@ -848,7 +848,7 @@ void PRVM_ED_ParseGlobals (const char *data) if (com_token[0] == '}') break; - strcpy (keyname, com_token); + strlcpy (keyname, com_token, sizeof(keyname)); // parse value if (!COM_ParseTokenConsole(&data)) @@ -1047,7 +1047,7 @@ const char *PRVM_ED_ParseEdict (const char *data, prvm_edict_t *ent) // and allow them to be turned into vectors. (FIXME...) if (!strcmp(com_token, "angle")) { - strcpy (com_token, "angles"); + strlcpy (com_token, "angles", sizeof(com_token)); anglehack = true; } else @@ -1055,9 +1055,9 @@ const char *PRVM_ED_ParseEdict (const char *data, prvm_edict_t *ent) // FIXME: change light to _light to get rid of this hack if (!strcmp(com_token, "light")) - strcpy (com_token, "light_lev"); // hack for single light def + strlcpy (com_token, "light_lev", sizeof(com_token)); // hack for single light def - strcpy (keyname, com_token); + strlcpy (keyname, com_token, sizeof(keyname)); // another hack to fix keynames with trailing spaces n = strlen(keyname); @@ -1097,7 +1097,7 @@ const char *PRVM_ED_ParseEdict (const char *data, prvm_edict_t *ent) if (anglehack) { char temp[32]; - strcpy (temp, com_token); + strlcpy (temp, com_token, sizeof(temp)); sprintf (com_token, "0 %s 0", temp); } diff --git a/r_shadow.c b/r_shadow.c index 9f83ce63..d1023740 100644 --- a/r_shadow.c +++ b/r_shadow.c @@ -2072,7 +2072,7 @@ void R_RTLight_Update(dlight_t *light, int isstatic) rtlight->cullmaxs[2] = rtlight->shadoworigin[2] + rtlight->radius; rtlight->cubemapname[0] = 0; if (light->cubemapname[0]) - strcpy(rtlight->cubemapname, light->cubemapname); + strlcpy(rtlight->cubemapname, light->cubemapname, sizeof(rtlight->cubemapname)); else if (light->cubemapnum > 0) sprintf(rtlight->cubemapname, "cubemaps/%i", light->cubemapnum); rtlight->shadow = light->shadow; @@ -2577,7 +2577,7 @@ rtexture_t *R_Shadow_Cubemap(const char *basename) if (i >= MAX_CUBEMAPS) return r_texture_whitecube; numcubemaps++; - strcpy(cubemaps[i].basename, basename); + strlcpy(cubemaps[i].basename, basename, sizeof(cubemaps[i].basename)); cubemaps[i].texture = R_Shadow_LoadCubemap(cubemaps[i].basename); if (!cubemaps[i].texture) cubemaps[i].texture = r_texture_whitecube; @@ -2782,8 +2782,10 @@ void R_Shadow_LoadWorldLights(void) // remove quotes on cubemapname if (cubemapname[0] == '"' && cubemapname[strlen(cubemapname) - 1] == '"') { - cubemapname[strlen(cubemapname)-1] = 0; - strcpy(cubemapname, cubemapname + 1); + size_t namelen; + namelen = strlen(cubemapname) - 2; + memmove(cubemapname, cubemapname + 1, namelen); + cubemapname[namelen] = '\0'; } if (a < 8) { @@ -2950,14 +2952,14 @@ void R_Shadow_LoadWorldLightsFromMap_LightArghliteTyrlite(void) if (com_token[0] == '}') break; // end of entity if (com_token[0] == '_') - strcpy(key, com_token + 1); + strlcpy(key, com_token + 1, sizeof(key)); else - strcpy(key, com_token); + strlcpy(key, com_token, sizeof(key)); while (key[strlen(key)-1] == ' ') // remove trailing spaces key[strlen(key)-1] = 0; if (!COM_ParseTokenConsole(&data)) break; // error - strcpy(value, com_token); + strlcpy(value, com_token, sizeof(value)); // now that we have the key pair worked out... if (!strcmp("light", key)) @@ -3432,7 +3434,7 @@ void R_Shadow_EditLights_Edit_f(void) return; } if (Cmd_Argc() == 3) - strcpy(cubemapname, Cmd_Argv(2)); + strlcpy(cubemapname, Cmd_Argv(2), sizeof(cubemapname)); else cubemapname[0] = 0; } @@ -3702,7 +3704,7 @@ void R_Shadow_EditLights_CopyInfo_f(void) r_shadow_bufferlight.radius = r_shadow_selectedlight->radius; r_shadow_bufferlight.style = r_shadow_selectedlight->style; if (r_shadow_selectedlight->cubemapname) - strcpy(r_shadow_bufferlight.cubemapname, r_shadow_selectedlight->cubemapname); + strlcpy(r_shadow_bufferlight.cubemapname, r_shadow_selectedlight->cubemapname, sizeof(r_shadow_bufferlight.cubemapname)); else r_shadow_bufferlight.cubemapname[0] = 0; r_shadow_bufferlight.shadow = r_shadow_selectedlight->shadow; diff --git a/r_sky.c b/r_sky.c index 41b473a6..bf2c009e 100644 --- a/r_sky.c +++ b/r_sky.c @@ -142,7 +142,7 @@ int R_SetSkyBox(const char *sky) return false; } - strcpy(skyname, sky); + strlcpy(skyname, sky, sizeof(skyname)); return R_LoadSkyBox(); } diff --git a/sbar.c b/sbar.c index 011c79a8..264a6ef9 100644 --- a/sbar.c +++ b/sbar.c @@ -553,19 +553,30 @@ void Sbar_SortFrags (void) { if (color != (cl.scores[fragsort[i]].colors & 15)) { + const char* teamname; + color = cl.scores[fragsort[i]].colors & 15; teamlines++; - if (color == 4) - strcpy(teams[teamlines-1].name, "^1Red Team"); - else if (color == 13) - strcpy(teams[teamlines-1].name, "^4Blue Team"); - else if (color == 9) - strcpy(teams[teamlines-1].name, "^6Pink Team"); - else if (color == 12) - strcpy(teams[teamlines-1].name, "^3Yellow Team"); - else - strcpy(teams[teamlines-1].name, "Total Team Score"); + switch (color) + { + case 4: + teamname = "^1Red Team"; + break; + case 13: + teamname = "^4Blue Team"; + break; + case 9: + teamname = "^6Pink Team"; + break; + case 12: + teamname = "^3Yellow Team"; + break; + default: + teamname = "Total Team Score"; + break; + } + strlcpy(teams[teamlines-1].name, teamname, sizeof(teams[teamlines-1].name)); teams[teamlines-1].frags = 0; teams[teamlines-1].colors = color + 16 * color; diff --git a/snd_mem.c b/snd_mem.c index 777dd6c6..15e571b3 100644 --- a/snd_mem.c +++ b/snd_mem.c @@ -331,7 +331,7 @@ qboolean S_LoadSound (sfx_t *sfx, qboolean complain) if (S_LoadWavFile (namebuffer, sfx)) return true; if (len >= 4 && !strcasecmp (namebuffer + len - 4, ".wav")) - strcpy (namebuffer + len - 3, "ogg"); + memcpy (namebuffer + len - 3, "ogg", 4); if (OGG_LoadVorbisFile (namebuffer, sfx)) return true; } @@ -347,7 +347,7 @@ qboolean S_LoadSound (sfx_t *sfx, qboolean complain) if (S_LoadWavFile (namebuffer, sfx)) return true; if (len >= 4 && !strcasecmp (namebuffer + len - 4, ".wav")) - strcpy (namebuffer + len - 3, "ogg"); + memcpy (namebuffer + len - 3, "ogg", 4); if (OGG_LoadVorbisFile (namebuffer, sfx)) return true; diff --git a/sv_main.c b/sv_main.c index 0552bb2c..55fb0ef1 100644 --- a/sv_main.c +++ b/sv_main.c @@ -414,8 +414,8 @@ void SV_ConnectClient (int clientnum, netconn_t *netconnection) Con_DPrintf("Client %s connected\n", client->netconnection ? client->netconnection->address : "botclient"); - strcpy(client->name, "unconnected"); - strcpy(client->old_name, "unconnected"); + strlcpy(client->name, "unconnected", sizeof(client->name)); + strlcpy(client->old_name, "unconnected", sizeof(client->old_name)); client->spawned = false; client->edict = PRVM_EDICT_NUM(clientnum+1); if (client->netconnection) @@ -1292,7 +1292,7 @@ void SV_UpdateToReliableMessages (void) { if (host_client->spawned) SV_BroadcastPrintf("%s changed name to %s\n", host_client->old_name, host_client->name); - strcpy(host_client->old_name, host_client->name); + strlcpy(host_client->old_name, host_client->name, sizeof(host_client->old_name)); // send notification to all clients MSG_WriteByte (&sv.reliable_datagram, svc_updatename); MSG_WriteByte (&sv.reliable_datagram, i); @@ -1792,7 +1792,7 @@ void SV_SpawnServer (const char *server) worldmodel->used = true; strlcpy (sv.name, server, sizeof (sv.name)); - strcpy(sv.modelname, modelname); + strlcpy(sv.modelname, modelname, sizeof(sv.modelname)); sv.worldmodel = worldmodel; sv.models[1] = sv.worldmodel; diff --git a/sys_sdl.c b/sys_sdl.c index 5f3e6c6c..702cfaf8 100644 --- a/sys_sdl.c +++ b/sys_sdl.c @@ -176,8 +176,10 @@ char *Sys_GetClipboardData (void) { if ((cliptext = GlobalLock (hClipboardData)) != 0) { - data = Z_Malloc (GlobalSize(hClipboardData)+1); - strcpy (data, cliptext); + size_t allocsize; + allocsize = GlobalSize (hClipboardData) + 1; + data = Z_Malloc (allocsize); + strlcpy (data, cliptext, allocsize); GlobalUnlock (hClipboardData); } } diff --git a/sys_win.c b/sys_win.c index f0f3045d..6addcdfa 100644 --- a/sys_win.c +++ b/sys_win.c @@ -285,8 +285,10 @@ char *Sys_GetClipboardData (void) { if ((cliptext = GlobalLock (hClipboardData)) != 0) { - data = Z_Malloc (GlobalSize(hClipboardData)+1); - strcpy (data, cliptext); + size_t allocsize; + allocsize = GlobalSize (hClipboardData) + 1; + data = Z_Malloc (allocsize); + strlcpy (data, cliptext, allocsize); GlobalUnlock (hClipboardData); } } diff --git a/vid_agl.c b/vid_agl.c index 8a765011..32834c52 100644 --- a/vid_agl.c +++ b/vid_agl.c @@ -257,7 +257,7 @@ static int GL_OpenLibrary(void) Con_Printf("Unable to open symbol list for %s\n", name); return false; } - strcpy(gl_driver, name); + strlcpy(gl_driver, name, sizeof(gl_driver)); return true; } diff --git a/vid_glx.c b/vid_glx.c index 4955b817..463d3854 100644 --- a/vid_glx.c +++ b/vid_glx.c @@ -491,7 +491,7 @@ static int GL_OpenLibrary(const char *name) Con_Printf("Unable to open symbol list for %s\n", name); return false; } - strcpy(gl_driver, name); + strlcpy(gl_driver, name, sizeof(gl_driver)); return true; } diff --git a/vid_wgl.c b/vid_wgl.c index 3c5614d6..38c4d868 100644 --- a/vid_wgl.c +++ b/vid_wgl.c @@ -688,7 +688,7 @@ static int GL_OpenLibrary(const char *name) Con_Printf("Unable to LoadLibrary %s\n", name); return false; } - strcpy(gl_driver, name); + strlcpy(gl_driver, name, sizeof(gl_driver)); return true; }