qf/newtree
0
0
Fork 0
mirror of https://git.code.sf.net/p/quake/newtree synced 2025-04-17 04:01:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

strncat parameter audit. Unfortunatly, strncat is counter-intutite: the n in

Browse source 
strncat is not the maximum length of the destination string, but of the SOURCE
string, thus strncat (dest, src, sizeof (dest)) is incorrect. It should be
strncat (dest, src, sizeof (text) - strlen (dest)). Even then, no terminating
nul will be written if src is too long, but at least it won't crash the stack:)
This commit is contained in:
Bill Currie 2000-12-05 16:04:12 +00:00
parent 66e0e31b57
commit eae11661e4
19 changed files with 54 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
source/cl_parse.c
View file

@ -231,7 +231,8 @@ qboolean CL_CheckOrDownloadFile (char *filename)
// to the real name when done, so if interrupted
// a runt file wont be left
COM_StripExtension (cls.downloadname, cls.downloadtempname);
strncat (cls.downloadtempname, ".tmp", sizeof(cls.downloadtempname));
strncat (cls.downloadtempname, ".tmp",
sizeof (cls.downloadtempname) - strlen (cls.downloadtempname));
MSG_WriteByte (&cls.netchan.message, clc_stringcmd);
MSG_WriteString (&cls.netchan.message, va("download %s", cls.downloadname));

2
source/cl_sys_win.c
View file

@ -331,7 +331,7 @@ char *Sys_ConsoleInput (void)
if (i>0) {
textCopied[i]=0;
text[len]=0;
strncat (text, textCopied, sizeof(text));
strncat (text, textCopied, sizeof(text) - strlen (text));
len+=dummy;
WriteFile(houtput, textCopied, i, &dummy, NULL);
}

10
source/cmd.c
View file

@ -317,8 +317,8 @@ void Cmd_StuffCmds_f (void)
c = com_cmdline[j];
com_cmdline[j] = 0;
strncat (build, com_cmdline+i, sizeof(build));
strncat (build, "\n", sizeof(build));
strncat (build, com_cmdline+i, sizeof(build) - strlen (build));
strncat (build, "\n", sizeof(build) - strlen (build));
com_cmdline[j] = c;
i = j-1;
}
@ -473,11 +473,11 @@ void Cmd_Alias_f (void)
c = Cmd_Argc();
for (i=2 ; i< c ; i++)
{
strncat (cmd, Cmd_Argv(i), sizeof(cmd));
strncat (cmd, Cmd_Argv(i), sizeof(cmd) - strlen (cmd));
if (i != c)
strncat (cmd, " ", sizeof(cmd));
strncat (cmd, " ", sizeof(cmd) - strlen (cmd));
}
strncat (cmd, "\n", sizeof(cmd));
strncat (cmd, "\n", sizeof(cmd) - strlen (cmd));
a->value = CopyString (cmd);
}

6
source/console.c
View file

@ -620,10 +620,10 @@ void Con_DrawConsole (int lines)
y = x - i - 11;
strncpy(dlbar, text, i);
dlbar[i] = 0;
strncat (dlbar, "...", sizeof(dlbar));
strncat (dlbar, "...", sizeof(dlbar) - strlen (dlbar));
} else
strcpy(dlbar, text);
strncat (dlbar, ": ", sizeof(dlbar));
strncpy(dlbar, text, sizeof (dlbar));
strncat (dlbar, ": ", sizeof(dlbar) - strlen (dlbar));
i = strlen(dlbar);
dlbar[i++] = '\x80';
// where's the dot go?

2
source/gl_mesh.c
View file

@ -329,7 +329,7 @@ void GL_MakeAliasModelDisplayLists (model_t *m, aliashdr_t *hdr)
//
strcpy (cache, "glquake/");
COM_StripExtension (m->name+strlen("progs/"), cache+strlen("glquake/"));
strncat (cache, ".ms2", sizeof(cache));
strncat (cache, ".ms2", sizeof(cache) - strlen (cache));
COM_FOpenFile (cache, &f);
if (f)

2
source/gl_model_brush.c
View file

@ -79,7 +79,7 @@ void Mod_LoadLighting (lump_t *l)
strcpy(litfilename, loadmodel->name);
COM_StripExtension(litfilename, litfilename);
strncat (litfilename, ".lit", sizeof(litfilename));
strncat (litfilename, ".lit", sizeof(litfilename) - strlen (litfilename));
loadmodel->lightdata = (byte*) COM_LoadHunkFile (litfilename);
if (!loadmodel->lightdata) // expand the white lighting data

38
source/gl_rmain.c
View file

@ -202,12 +202,12 @@ qboolean R_CullBox (vec3_t mins, vec3_t maxs)
void R_RotateForEntity (entity_t *e)
{
glTranslatef (e->origin[0], e->origin[1], e->origin[2]);
glTranslatef (e->origin[0], e->origin[1], e->origin[2]);
glRotatef (e->angles[1], 0, 0, 1);
glRotatef (-e->angles[0], 0, 1, 0);
glRotatef (e->angles[1], 0, 0, 1);
glRotatef (-e->angles[0], 0, 1, 0);
//ZOID: fixed z angle
glRotatef (e->angles[2], 1, 0, 0);
glRotatef (e->angles[2], 1, 0, 0);
}
/*
@ -301,7 +301,7 @@ static void R_DrawSpriteModel (entity_t *e)
right = vright;
}
glBindTexture (GL_TEXTURE_2D, frame->gl_texturenum);
glBindTexture (GL_TEXTURE_2D, frame->gl_texturenum);
glEnable (GL_ALPHA_TEST);
glBegin (GL_QUADS);
@ -626,7 +626,7 @@ static void R_DrawAliasModel (entity_t *e)
}
anim = (int)(cl.time*10) & 3;
glBindTexture (GL_TEXTURE_2D, paliashdr->gl_texturenum[currententity->skinnum][anim]);
glBindTexture (GL_TEXTURE_2D, paliashdr->gl_texturenum[currententity->skinnum][anim]);
// we can't dynamically colormap textures, so they are cached
// seperately for the players. Heads are just uncolored.
@ -639,7 +639,7 @@ static void R_DrawAliasModel (entity_t *e)
R_TranslatePlayerSkin(i);
}
if (i >= 0 && i<MAX_CLIENTS)
glBindTexture (GL_TEXTURE_2D, playertextures + i);
glBindTexture (GL_TEXTURE_2D, playertextures + i);
}
if (gl_affinemodels->int_val)
@ -832,7 +832,7 @@ static void R_SetupFrame (void)
static void MYgluPerspective( GLdouble fovy, GLdouble aspect,
GLdouble zNear, GLdouble zFar )
GLdouble zNear, GLdouble zFar )
{
GLdouble xmin, xmax, ymin, ymax;
@ -861,7 +861,7 @@ static void R_SetupGL (void)
// set up viewpoint
//
glMatrixMode(GL_PROJECTION);
glLoadIdentity ();
glLoadIdentity ();
x = r_refdef.vrect.x * glwidth/vid.width;
x2 = (r_refdef.vrect.x + r_refdef.vrect.width) * glwidth/vid.width;
y = (vid.height-r_refdef.vrect.y) * glheight/vid.height;
@ -887,22 +887,22 @@ static void R_SetupGL (void)
}
glViewport (glx + x, gly + y2, w, h);
screenaspect = (float)r_refdef.vrect.width/r_refdef.vrect.height;
screenaspect = (float)r_refdef.vrect.width/r_refdef.vrect.height;
// yfov = 2*atan((float)r_refdef.vrect.height/r_refdef.vrect.width)*180/M_PI;
// yfov = (2.0 * tan (scr_fov->value/360*M_PI)) / screenaspect;
// yfov = 2*atan((float)r_refdef.vrect.height/r_refdef.vrect.width)*(scr_fov->value*2)/M_PI;
// MYgluPerspective (yfov, screenaspect, 4, 4096);
MYgluPerspective (r_refdef.fov_y, screenaspect, 4, 4096);
// MYgluPerspective (yfov, screenaspect, 4, 4096);
MYgluPerspective (r_refdef.fov_y, screenaspect, 4, 4096);
glMatrixMode(GL_MODELVIEW);
glLoadIdentity ();
glLoadIdentity ();
glRotatef (-90, 1, 0, 0); // put Z going up
glRotatef (90, 0, 0, 1); // put Z going up
glRotatef (-r_refdef.viewangles[2], 1, 0, 0);
glRotatef (-r_refdef.viewangles[0], 0, 1, 0);
glRotatef (-r_refdef.viewangles[1], 0, 0, 1);
glTranslatef (-r_refdef.vieworg[0], -r_refdef.vieworg[1], -r_refdef.vieworg[2]);
glRotatef (-90, 1, 0, 0); // put Z going up
glRotatef (90, 0, 0, 1); // put Z going up
glRotatef (-r_refdef.viewangles[2], 1, 0, 0);
glRotatef (-r_refdef.viewangles[0], 0, 1, 0);
glRotatef (-r_refdef.viewangles[1], 0, 0, 1);
glTranslatef (-r_refdef.vieworg[0], -r_refdef.vieworg[1], -r_refdef.vieworg[2]);
glGetFloatv (GL_MODELVIEW_MATRIX, r_world_matrix);

4
source/keys.c
View file

@ -659,9 +659,9 @@ Key_Bind_f ( void )
cmd[0] = 0; // start out with a null string
for (i=2 ; i< c ; i++)
{
strncat (cmd, Cmd_Argv(i), sizeof(cmd));
strncat (cmd, Cmd_Argv(i), sizeof(cmd) - strlen (cmd));
if (i != (c-1))
strncat (cmd, " ", sizeof(cmd));
strncat (cmd, " ", sizeof(cmd) - strlen (cmd));
}
Key_SetBinding (b, cmd);

4
source/pr_cmds.c
View file

@ -65,7 +65,7 @@ char *PF_VarString (int first)
out[0] = 0;
for (i=first ; i<pr_argc ; i++)
{
strncat (out, G_STRING((OFS_PARM0+i*3)), sizeof(out));
strncat (out, G_STRING((OFS_PARM0+i*3)), sizeof(out) - strlen (out));
}
return out;
}
@ -722,7 +722,7 @@ void PF_stuffcmd (void)
buf = cl->stufftext_buf;
if (strlen(buf) + strlen(str) >= MAX_STUFFTEXT)
PR_RunError ("stufftext buffer overflow");
strncat (buf, str, sizeof(buf));
strncat (buf, str, sizeof(buf) - strlen (buf));
for (i = strlen(buf); i >= 0; i--)
{

8
source/pr_edict.c
View file

@ -426,8 +426,8 @@ char *PR_GlobalString (int ofs)
i = strlen(line);
for ( ; i<20 ; i++)
strncat (line, " ", sizeof(line));
strncat (line, " ", sizeof(line));
strncat (line, " ", sizeof(line) - strlen (line));
strncat (line, " ", sizeof(line) - strlen (line));
return line;
}
@ -446,8 +446,8 @@ char *PR_GlobalStringNoContents (int ofs)
i = strlen(line);
for ( ; i<20 ; i++)
strncat (line, " ", sizeof(line));
strncat (line, " ", sizeof(line));
strncat (line, " ", sizeof(line) - strlen (line));
strncat (line, " ", sizeof(line) - strlen (line));
return line;
}

4
source/qargs.c
View file

@ -113,9 +113,9 @@ void COM_InitArgv (int argc, char **argv)
if (len) {
for (i=1; i < argc; i++)
{
strncat (com_cmdline, argv[i], len);
strncat (com_cmdline, argv[i], len - strlen (com_cmdline));
assert(len - strlen(com_cmdline) > 0);
strncat (com_cmdline, " ", sizeof(com_cmdline));
strncat (com_cmdline, " ", len - strlen (com_cmdline));
}
com_cmdline[len - 1] = '\0';
}

4
source/quakefs.c
View file

@ -520,7 +520,7 @@ _COM_FOpenFile (char *filename, QFile **gzfile, char *foundname, int zip)
filenamelen = strlen(filename);
strncpy(gzfilename,filename,sizeof(gzfilename));
strncat(gzfilename,".gz",sizeof(gzfilename));
strncat(gzfilename,".gz",sizeof(gzfilename) - strlen (gzfilename));
#endif
file_from_pak = 0;
@ -1145,5 +1145,5 @@ void COM_DefaultExtension (char *path, char *extension)
src--;
}
strncat (path, extension, sizeof(path));
strncat (path, extension, sizeof(path) - strlen (path));
}

2
source/quakeio.c
View file

@ -82,7 +82,7 @@ Qexpand_squiggle(const char *path, char *dest)
if (home) {
strcpy (dest, home);
strncat (dest, path+1, sizeof(dest)); // skip leading ~
strncat (dest, path+1, sizeof(dest) - strlen (dest)); // skip leading ~
} else
strcpy (dest,path);
}

4
source/snd_dma.c
View file

@ -957,7 +957,7 @@ void S_Play(void)
if (!strrchr(Cmd_Argv(i), '.'))
{
strcpy(name, Cmd_Argv(i));
strncat (name, ".wav", sizeof(name));
strncat (name, ".wav", sizeof(name) - strlen (name));
}
else
strcpy(name, Cmd_Argv(i));
@ -981,7 +981,7 @@ void S_PlayVol(void)
if (!strrchr(Cmd_Argv(i), '.'))
{
strcpy(name, Cmd_Argv(i));
strncat (name, ".wav", sizeof(name));
strncat (name, ".wav", sizeof(name) - strlen (name));
}
else
strcpy(name, Cmd_Argv(i));

2
source/snd_mem.c
View file

@ -180,7 +180,7 @@ sfxcache_t *S_LoadSound (sfx_t *s)
//Con_Printf ("S_LoadSound: %x\n", (int)stackbuf);
// load it in
strcpy(namebuffer, "sound/");
strncat (namebuffer, s->name, sizeof(namebuffer));
strncat (namebuffer, s->name, sizeof(namebuffer) - strlen (namebuffer));
// Con_Printf ("loading %s\n",namebuffer);

2
source/sv_ccmds.c
View file

@ -528,7 +528,7 @@ void SV_ConSay_f(void)
p[strlen(p)-1] = 0;
}
strncat (text, p, sizeof(text));
strncat (text, p, sizeof(text) - strlen (text));
for (j = 0, client = svs.clients; j < MAX_CLIENTS; j++, client++)
{

4
source/sv_main.c
View file

@ -545,7 +545,7 @@ SVC_Log (void)
NET_AdrToString (net_from));
// sprintf (data, "stdlog %i\n", svs.logsequence-1);
// strncat (data, (char *)svs.log_buf[((svs.logsequence-1)&1)], sizeof(data));
// strncat (data, (char *)svs.log_buf[((svs.logsequence-1)&1)], sizeof(data) - strlen (data));
snprintf (data, sizeof (data), "stdlog %i\n%s",
svs.logsequence - 1,
(char *) svs.log_buf[((svs.logsequence - 1) & 1)]);
@ -1210,7 +1210,7 @@ SV_SendBan (void)
data[0] = data[1] = data[2] = data[3] = 0xff;
data[4] = A2C_PRINT;
data[5] = 0;
strncat (data, "\nbanned.\n", sizeof(data));
strncat (data, "\nbanned.\n", sizeof(data) - strlen (data));
NET_SendPacket (strlen (data), data, net_from);
}

2
source/sv_send.c
View file

@ -146,7 +146,7 @@ void Con_Printf (char *fmt, ...)
if (sv_redirected) { // Add to redirected message
if (strlen (msg) + strlen (outputbuf) > sizeof (outputbuf) - 1)
SV_FlushRedirect ();
strncat (outputbuf, msg, sizeof(outputbuf));
strncat (outputbuf, msg, sizeof(outputbuf) - strlen (outputbuf));
return;
} else { // We want to output to console and maybe logfile
if (sv_timestamps && sv_timefmt && sv_timefmt->string && sv_timestamps->int_val)

4
source/sv_user.c
View file

@ -854,8 +854,8 @@ void SV_Say (qboolean team)
p[strlen(p)-1] = 0;
}
strncat (text, p, sizeof(text));
strncat (text, "\n", sizeof(text));
strncat (text, p, sizeof(text) - strlen (text));
strncat (text, "\n", sizeof(text) - strlen (text));
Sys_Printf ("%s", text);