From eea9fbdb61d95cf48cbcdaa3b5f38daadc0ce1c6 Mon Sep 17 00:00:00 2001 From: Zack Middleton Date: Sun, 25 May 2014 17:02:33 -0500 Subject: [PATCH] Fix unchecked buffer size issues in l_script.c and l_precomp.c Found by Coverity. --- code/botlib/l_precomp.c | 19 ++++++++++++------- code/botlib/l_script.c | 6 ++++-- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/code/botlib/l_precomp.c b/code/botlib/l_precomp.c index bfa7564c..a98213a4 100644 --- a/code/botlib/l_precomp.c +++ b/code/botlib/l_precomp.c @@ -995,14 +995,14 @@ int PC_Directive_include(source_t *source) script = LoadScriptFile(token.string); if (!script) { - strcpy(path, source->includepath); - strcat(path, token.string); + Q_strncpyz(path, source->includepath, sizeof(path)); + Q_strcat(path, sizeof(path), token.string); script = LoadScriptFile(path); } //end if } //end if else if (token.type == TT_PUNCTUATION && *token.string == '<') { - strcpy(path, source->includepath); + Q_strncpyz(path, source->includepath, sizeof(path)); while(PC_ReadSourceToken(source, &token)) { if (token.linescrossed > 0) @@ -1011,7 +1011,7 @@ int PC_Directive_include(source_t *source) break; } //end if if (token.type == TT_PUNCTUATION && *token.string == '>') break; - strncat(path, token.string, MAX_PATH - 1); + Q_strcat(path, sizeof(path), token.string); } //end while if (*token.string != '>') { @@ -2831,6 +2831,7 @@ int PC_ExpectTokenType(source_t *source, int type, int subtype, token_t *token) { if ((token->subtype & subtype) != subtype) { + strcpy(str, ""); if (subtype & TT_DECIMAL) strcpy(str, "decimal"); if (subtype & TT_HEX) strcpy(str, "hex"); if (subtype & TT_OCTAL) strcpy(str, "octal"); @@ -2954,10 +2955,14 @@ void PC_UnreadToken(source_t *source, token_t *token) //============================================================================ void PC_SetIncludePath(source_t *source, char *path) { - strncpy(source->includepath, path, MAX_PATH); + size_t len; + + Q_strncpyz(source->includepath, path, MAX_PATH-1); + + len = strlen(source->includepath); //add trailing path seperator - if (source->includepath[strlen(source->includepath)-1] != '\\' && - source->includepath[strlen(source->includepath)-1] != '/') + if (len > 0 && source->includepath[len-1] != '\\' && + source->includepath[len-1] != '/') { strcat(source->includepath, PATHSEPERATOR_STR); } //end if diff --git a/code/botlib/l_script.c b/code/botlib/l_script.c index 766032ab..ee9cddc0 100644 --- a/code/botlib/l_script.c +++ b/code/botlib/l_script.c @@ -956,6 +956,7 @@ int PS_ExpectTokenType(script_t *script, int type, int subtype, token_t *token) if (token->type != type) { + strcpy(str, ""); if (type == TT_STRING) strcpy(str, "string"); if (type == TT_LITERAL) strcpy(str, "literal"); if (type == TT_NUMBER) strcpy(str, "number"); @@ -968,6 +969,7 @@ int PS_ExpectTokenType(script_t *script, int type, int subtype, token_t *token) { if ((token->subtype & subtype) != subtype) { + strcpy(str, ""); if (subtype & TT_DECIMAL) strcpy(str, "decimal"); if (subtype & TT_HEX) strcpy(str, "hex"); if (subtype & TT_OCTAL) strcpy(str, "octal"); @@ -1350,7 +1352,7 @@ script_t *LoadScriptFile(const char *filename) buffer = GetClearedMemory(sizeof(script_t) + length + 1); script = (script_t *) buffer; Com_Memset(script, 0, sizeof(script_t)); - strcpy(script->filename, filename); + Q_strncpyz(script->filename, filename, sizeof(script->filename)); script->buffer = (char *) buffer + sizeof(script_t); script->buffer[length] = 0; script->length = length; @@ -1396,7 +1398,7 @@ script_t *LoadScriptMemory(char *ptr, int length, char *name) buffer = GetClearedMemory(sizeof(script_t) + length + 1); script = (script_t *) buffer; Com_Memset(script, 0, sizeof(script_t)); - strcpy(script->filename, name); + Q_strncpyz(script->filename, name, sizeof(script->filename)); script->buffer = (char *) buffer + sizeof(script_t); script->buffer[length] = 0; script->length = length;