fix buffer overruns in file enumeration

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@2290 fc73d0e0-1445-4013-8a0c-d673dee63da5

engine/client/sys_linux.c

@@ -267,7 +267,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 	if (s < apath)	//didn't find a '/'
 		*apath = '\0';
 
-	sprintf(truepath, "%s/%s", gpath, apath);
+	Q_snprintfz(truepath, sizeof(truepath), "%s/%s", gpath, apath);
 
 
 //printf("truepath = %s\n", truepath);
@@ -288,18 +288,18 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 		if (*ent->d_name != '.')
 			if (wildcmp(match, ent->d_name))
 			{
-				snprintf(file, sizeof(file)-1, "%s/%s", gpath, ent->d_name);
+				Q_snprintfz(file, sizeof(file), "%s/%s", gpath, ent->d_name);
 //would use stat, but it breaks on fat32.
 
 				if ((dir2 = opendir(file)))
 				{
 					closedir(dir2);
-					snprintf(file, sizeof(file)-1, "%s%s/", apath, ent->d_name);
+					Q_snprintfz(file, sizeof(file), "%s%s/", apath, ent->d_name);
 //printf("is directory = %s\n", file);
 				}
 				else
 				{
-					snprintf(file, sizeof(file)-1, "%s%s", apath, ent->d_name);
+					Q_snprintfz(file, sizeof(file), "%s%s", apath, ent->d_name);
 //printf("file = %s\n", file);
 				}
 

engine/client/sys_win.c

@@ -375,7 +375,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 	if (!gpath)
 		return 0;
 //	strcpy(apath, match);
-	sprintf(apath, "%s/%s", gpath, match);
+	Q_snprintfz(apath, sizeof(apath), "%s/%s", gpath, match);
 	for (s = apath+strlen(apath)-1; s> apath; s--)
 	{
 		if (*s == '/')			
@@ -384,7 +384,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 	*s = '\0';
 
 	//this is what we ask windows for.
-	sprintf(file, "%s/*.*", apath);
+	Q_snprintfz(file, sizeof(file), "%s/*.*", apath);
 
 	//we need to make apath contain the path in match but not gpath
 	Q_strncpyz(apath2, match, sizeof(apath));
@@ -409,7 +409,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 		{
 			if (wildcmp(match, fd.cFileName))
 			{
-				sprintf(file, "%s%s/", apath2, fd.cFileName);
+				Q_snprintfz(file, sizeof(file), "%s%s/", apath2, fd.cFileName);
 				go = func(file, fd.nFileSizeLow, parm);
 			}
 		}
@@ -417,7 +417,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 		{
 			if (wildcmp(match, fd.cFileName))
 			{
-				sprintf(file, "%s%s", apath2, fd.cFileName);
+				Q_snprintfz(file, sizeof(file), "%s%s", apath2, fd.cFileName);
 				go = func(file, fd.nFileSizeLow, parm);
 			}
 		}

engine/common/common.c

@@ -328,54 +328,6 @@ int Q_strcasecmp (char *s1, char *s2)
 
 #endif
 
-// Q_ftoa: convert IEEE 754 float to a base-10 string with "infinite" decimal places
-void Q_ftoa(char *str, float in)
-{
-	unsigned int i = *((int *)&in);
-
-	int signbit = (i & 0x80000000) >> 31;
-	int exp = (signed int)((i & 0x7F800000) >> 23) - 127;
-	int mantissa = (i & 0x007FFFFF);
-
-	if (exp == 128) // 255(NaN/Infinity bits) - 127(bias)
-	{
-		if (signbit)
-		{
-			*str = '-';
-			str++;
-		}
-		if (mantissa == 0) // infinity
-			strcpy(str, "1.#INF");
-		else // NaN or indeterminate
-			strcpy(str, "1.#NAN");
-		return;
-	}
-
-	exp = -exp;
-	exp = (int)(exp * 0.30102999957f); // convert base 2 to base 10
-	exp += 8;
-
-	if (exp <= 0)
-		sprintf(str, "%f", in);
-	else
-	{
-		char tstr[8];
-		char *lsig = str - 1;
-		sprintf(tstr, "%%.%if", exp);
-		sprintf(str, tstr, in);
-		// find last significant digit and trim
-		while (*str)
-		{
-			if (*str >= '1' && *str <= '9')
-				lsig = str;
-			else if (*str == '.')
-				lsig = str - 1;
-			str++;
-		}
-		lsig[1] = '\0';
-	}
-}
-
 char *Q_strlwr(char *s)
 {
 	char *ret=s;
@@ -433,6 +385,54 @@ int wildcmp(char *wild, char *string)
 	return !*wild;
 }
 
+// Q_ftoa: convert IEEE 754 float to a base-10 string with "infinite" decimal places
+void Q_ftoa(char *str, float in)
+{
+	unsigned int i = *((int *)&in);
+
+	int signbit = (i & 0x80000000) >> 31;
+	int exp = (signed int)((i & 0x7F800000) >> 23) - 127;
+	int mantissa = (i & 0x007FFFFF);
+
+	if (exp == 128) // 255(NaN/Infinity bits) - 127(bias)
+	{
+		if (signbit)
+		{
+			*str = '-';
+			str++;
+		}
+		if (mantissa == 0) // infinity
+			strcpy(str, "1.#INF");
+		else // NaN or indeterminate
+			strcpy(str, "1.#NAN");
+		return;
+	}
+
+	exp = -exp;
+	exp = (int)(exp * 0.30102999957f); // convert base 2 to base 10
+	exp += 8;
+
+	if (exp <= 0)
+		sprintf(str, "%.0f", in);
+	else
+	{
+		char tstr[8];
+		char *lsig = str - 1;
+		sprintf(tstr, "%%.%if", exp);
+		sprintf(str, tstr, in);
+		// find last significant digit and trim
+		while (*str)
+		{
+			if (*str >= '1' && *str <= '9')
+				lsig = str;
+			else if (*str == '.')
+				lsig = str - 1;
+			str++;
+		}
+		lsig[1] = '\0';
+	}
+}
+
 int Q_atoi (char *str)
 {
 	int		val;

engine/server/sv_sys_unix.c

@@ -743,7 +743,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 	if (s < apath)	//didn't find a '/'
 		*apath = '\0';
 
-	sprintf(truepath, "%s/%s", gpath, apath);
+	Q_snprintfz(truepath, sizeof(truepath), "%s/%s", gpath, apath);
 
 
 //printf("truepath = %s\n", truepath);
@@ -764,18 +764,18 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 		if (*ent->d_name != '.')
 			if (wildcmp(match, ent->d_name))
 			{
-				snprintf(file, sizeof(file)-1, "%s/%s", gpath, ent->d_name);
+				Q_snprintfz(file, sizeof(file), "%s/%s", gpath, ent->d_name);
 //would use stat, but it breaks on fat32.
 
 				if ((dir2 = opendir(file)))
 				{
 					closedir(dir2);
-					snprintf(file, sizeof(file)-1, "%s%s/", apath, ent->d_name);
+					Q_snprintfz(file, sizeof(file), "%s%s/", apath, ent->d_name);
 //printf("is directory = %s\n", file);
 				}
 				else
 				{
-					snprintf(file, sizeof(file)-1, "%s%s", apath, ent->d_name);
+					Q_snprintfz(file, sizeof(file), "%s%s", apath, ent->d_name);
 //printf("file = %s\n", file);
 				}
 

engine/server/sv_sys_win.c

@@ -239,7 +239,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 	char file[MAX_OSPATH];
 	char *s;
 	int go;
-	strcpy(apath, match);
+	Q_strncpyz(apath, match, sizeof(apath));
 //	sprintf(apath, "%s%s", gpath, match);
 	for (s = apath+strlen(apath)-1; s>= apath; s--)
 	{
@@ -251,7 +251,7 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 	
 
 
-	sprintf(file, "%s/%s", gpath, match);
+	Q_snprintfz(file, sizeof(file), "%s/%s", gpath, match);
 	r = FindFirstFile(file, &fd);
 	if (r==(HANDLE)-1)
 		return 1;
@@ -262,13 +262,13 @@ int Sys_EnumerateFiles (char *gpath, char *match, int (*func)(char *, int, void
 		{
 			if (*fd.cFileName != '.')
 			{
-				sprintf(file, "%s%s/", apath, fd.cFileName);
+				Q_snprintfz(file, sizeof(file), "%s%s/", apath, fd.cFileName);
 				go = func(file, fd.nFileSizeLow, parm);
 			}
 		}
 		else
 		{
-			sprintf(file, "%s%s", apath, fd.cFileName);
+			Q_snprintfz(file, sizeof(file), "%s%s", apath, fd.cFileName);
 			go = func(file, fd.nFileSizeLow, parm);
 		}
 	}