Fix unchecked buffer size issues in l_script.c and l_precomp.c

Found by Coverity.
This commit is contained in:
Zack Middleton 2014-05-25 17:02:33 -05:00
parent 078d004dc2
commit eea9fbdb61
2 changed files with 16 additions and 9 deletions

View file

@ -995,14 +995,14 @@ int PC_Directive_include(source_t *source)
script = LoadScriptFile(token.string); script = LoadScriptFile(token.string);
if (!script) if (!script)
{ {
strcpy(path, source->includepath); Q_strncpyz(path, source->includepath, sizeof(path));
strcat(path, token.string); Q_strcat(path, sizeof(path), token.string);
script = LoadScriptFile(path); script = LoadScriptFile(path);
} //end if } //end if
} //end if } //end if
else if (token.type == TT_PUNCTUATION && *token.string == '<') else if (token.type == TT_PUNCTUATION && *token.string == '<')
{ {
strcpy(path, source->includepath); Q_strncpyz(path, source->includepath, sizeof(path));
while(PC_ReadSourceToken(source, &token)) while(PC_ReadSourceToken(source, &token))
{ {
if (token.linescrossed > 0) if (token.linescrossed > 0)
@ -1011,7 +1011,7 @@ int PC_Directive_include(source_t *source)
break; break;
} //end if } //end if
if (token.type == TT_PUNCTUATION && *token.string == '>') break; if (token.type == TT_PUNCTUATION && *token.string == '>') break;
strncat(path, token.string, MAX_PATH - 1); Q_strcat(path, sizeof(path), token.string);
} //end while } //end while
if (*token.string != '>') if (*token.string != '>')
{ {
@ -2831,6 +2831,7 @@ int PC_ExpectTokenType(source_t *source, int type, int subtype, token_t *token)
{ {
if ((token->subtype & subtype) != subtype) if ((token->subtype & subtype) != subtype)
{ {
strcpy(str, "");
if (subtype & TT_DECIMAL) strcpy(str, "decimal"); if (subtype & TT_DECIMAL) strcpy(str, "decimal");
if (subtype & TT_HEX) strcpy(str, "hex"); if (subtype & TT_HEX) strcpy(str, "hex");
if (subtype & TT_OCTAL) strcpy(str, "octal"); if (subtype & TT_OCTAL) strcpy(str, "octal");
@ -2954,10 +2955,14 @@ void PC_UnreadToken(source_t *source, token_t *token)
//============================================================================ //============================================================================
void PC_SetIncludePath(source_t *source, char *path) void PC_SetIncludePath(source_t *source, char *path)
{ {
strncpy(source->includepath, path, MAX_PATH); size_t len;
Q_strncpyz(source->includepath, path, MAX_PATH-1);
len = strlen(source->includepath);
//add trailing path seperator //add trailing path seperator
if (source->includepath[strlen(source->includepath)-1] != '\\' && if (len > 0 && source->includepath[len-1] != '\\' &&
source->includepath[strlen(source->includepath)-1] != '/') source->includepath[len-1] != '/')
{ {
strcat(source->includepath, PATHSEPERATOR_STR); strcat(source->includepath, PATHSEPERATOR_STR);
} //end if } //end if

View file

@ -956,6 +956,7 @@ int PS_ExpectTokenType(script_t *script, int type, int subtype, token_t *token)
if (token->type != type) if (token->type != type)
{ {
strcpy(str, "");
if (type == TT_STRING) strcpy(str, "string"); if (type == TT_STRING) strcpy(str, "string");
if (type == TT_LITERAL) strcpy(str, "literal"); if (type == TT_LITERAL) strcpy(str, "literal");
if (type == TT_NUMBER) strcpy(str, "number"); if (type == TT_NUMBER) strcpy(str, "number");
@ -968,6 +969,7 @@ int PS_ExpectTokenType(script_t *script, int type, int subtype, token_t *token)
{ {
if ((token->subtype & subtype) != subtype) if ((token->subtype & subtype) != subtype)
{ {
strcpy(str, "");
if (subtype & TT_DECIMAL) strcpy(str, "decimal"); if (subtype & TT_DECIMAL) strcpy(str, "decimal");
if (subtype & TT_HEX) strcpy(str, "hex"); if (subtype & TT_HEX) strcpy(str, "hex");
if (subtype & TT_OCTAL) strcpy(str, "octal"); if (subtype & TT_OCTAL) strcpy(str, "octal");
@ -1350,7 +1352,7 @@ script_t *LoadScriptFile(const char *filename)
buffer = GetClearedMemory(sizeof(script_t) + length + 1); buffer = GetClearedMemory(sizeof(script_t) + length + 1);
script = (script_t *) buffer; script = (script_t *) buffer;
Com_Memset(script, 0, sizeof(script_t)); Com_Memset(script, 0, sizeof(script_t));
strcpy(script->filename, filename); Q_strncpyz(script->filename, filename, sizeof(script->filename));
script->buffer = (char *) buffer + sizeof(script_t); script->buffer = (char *) buffer + sizeof(script_t);
script->buffer[length] = 0; script->buffer[length] = 0;
script->length = length; script->length = length;
@ -1396,7 +1398,7 @@ script_t *LoadScriptMemory(char *ptr, int length, char *name)
buffer = GetClearedMemory(sizeof(script_t) + length + 1); buffer = GetClearedMemory(sizeof(script_t) + length + 1);
script = (script_t *) buffer; script = (script_t *) buffer;
Com_Memset(script, 0, sizeof(script_t)); Com_Memset(script, 0, sizeof(script_t));
strcpy(script->filename, name); Q_strncpyz(script->filename, name, sizeof(script->filename));
script->buffer = (char *) buffer + sizeof(script_t); script->buffer = (char *) buffer + sizeof(script_t);
script->buffer[length] = 0; script->buffer[length] = 0;
script->length = length; script->length = length;