From d722b998ed34aed9827422a6f8084df79d8b33c9 Mon Sep 17 00:00:00 2001
From: hendricks266
Date: Fri, 1 Dec 2017 06:19:12 +0000
Subject: [PATCH] Make sure I_EnterText never writes a null terminator out of bounds.

git-svn-id: https://svn.eduke32.com/eduke32@6530 1a8010ca-5511-0410-912e-c29ae57300e0
---
 source/duke3d/src/menus.cpp | 12 ++++++------
 source/duke3d/src/menus.h | 4 ++--
 source/duke3d/src/net.cpp | 4 +++-
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/source/duke3d/src/menus.cpp b/source/duke3d/src/menus.cpp
index 44a5cccf9..e3f01cdfc 100644
--- a/source/duke3d/src/menus.cpp
+++ b/source/duke3d/src/menus.cpp
@@ -3179,7 +3179,7 @@ static int32_t Menu_EntryStringSubmit(MenuEntry_t *entry, char *input)
 else
 {
 ud.savegame[M_SAVE.currentEntry][MAXSAVEGAMENAME] = 0;
- Bstrncpy(object->variable, input, object->maxlength);
+ Bstrncpy(object->variable, input, object->bufsize);
 }
 G_SavePlayerMaybeMulti(M_SAVE.currentEntry);
@@ -5648,8 +5648,8 @@ static void Menu_RunInput_EntryString_Activate(MenuEntry_t *entry)
 object->editfield = typebuf;
 // this limitation is an arbitrary implementation detail
- if (object->maxlength > TYPEBUFSIZE)
- object->maxlength = TYPEBUFSIZE;
+ if (object->bufsize > TYPEBUFSIZE)
+ object->bufsize = TYPEBUFSIZE;
 Menu_EntryStringActivate(/*entry*/);
 WithSDL2_StartTextInput();
@@ -5658,7 +5658,7 @@ static void Menu_RunInput_EntryString_Activate(MenuEntry_t *entry)
 static void Menu_RunInput_EntryString_Submit(MenuEntry_t *entry, MenuString_t *object)
 {
 if (!Menu_EntryStringSubmit(entry, object->editfield))
- Bstrncpy(object->variable, object->editfield, object->maxlength);
+ Bstrncpy(object->variable, object->editfield, object->bufsize);
 object->editfield = NULL;
 WithSDL2_StopTextInput();
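Review bot: `Bstrncpy(object->variable, input, object->bufsize)` in Menu_EntryStringSubmit still leaves `object->variable` unterminated whenever `input` holds `bufsize` or more characters, assuming Bstrncpy has strncpy semantics. Termination now depends on the I_EnterText callers in Menu_RunInput passing `bufsize-1`, an invariant that lives in a different function. Writing the terminator at the copy site, `object->variable[object->bufsize-1] = '\0';` directly after the copy, keeps the guarantee local; the same applies to the Bstrncpy in Menu_RunInput_EntryString_Submit (hunk at 5658). Menu_EntryStringSubmit starts and ends outside the hunk.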
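Review bot: The clamp in Menu_RunInput_EntryString_Activate bounds `object->bufsize` only from above, so a MenuString_t whose bufsize is 0 would reach I_EnterText with a limit of -1 through `object->bufsize-1` in Menu_RunInput (hunks at 5784 and 6250). How I_EnterText treats a negative limit is not visible in this patch. A lower-bound check next to the clamp, for example an assertion such as `Bassert(object->bufsize > 0);`, would document the precondition; the TextForm path has no clamp in view and would need its own check. The function continues outside the hunk.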
@@ -5784,7 +5784,7 @@ static void Menu_RunInput(Menu_t *cm)
 case TextForm:
 {
 MenuTextForm_t *object = (MenuTextForm_t*)cm->object;
- int32_t hitstate = I_EnterText(object->input, object->maxlength, 0);
+ int32_t hitstate = I_EnterText(object->input, object->bufsize-1, 0);
 if (hitstate == -1 || Menu_RunInput_MouseReturn())
 {
@@ -6250,7 +6250,7 @@ static void Menu_RunInput(Menu_t *cm)
 {
 MenuString_t *object = (MenuString_t*)currentry->entry;
- int32_t hitstate = I_EnterText(object->editfield, object->maxlength, object->flags);
+ int32_t hitstate = I_EnterText(object->editfield, object->bufsize-1, object->flags);
 if (hitstate == -1 || Menu_RunInput_MouseReturn())
 {
diff --git a/source/duke3d/src/menus.h b/source/duke3d/src/menus.h
index f88a7c0ad..bd38f717e 100644
--- a/source/duke3d/src/menus.h
+++ b/source/duke3d/src/menus.h
@@ -295,7 +295,7 @@ typedef struct MenuString_t
 MenuFont_t *font;
 // effect
- int32_t maxlength;
+ int32_t bufsize;
 int32_t flags;
 } MenuString_t;
 typedef struct MenuSpacer_t
@@ -392,7 +392,7 @@ typedef struct MenuTextForm_t
 // traits
 const char *instructions;
- int32_t maxlength;
+ int32_t bufsize;
 uint8_t flags;
 } MenuTextForm_t;
 typedef struct MenuFileSelect_t
diff --git a/source/duke3d/src/net.cpp b/source/duke3d/src/net.cpp
index 832b743fc..22133e80f 100644
--- a/source/duke3d/src/net.cpp
+++ b/source/duke3d/src/net.cpp
@@ -1812,7 +1812,9 @@ void Net_SendMessage(void)
 }
 else
 {
- int32_t const hitstate = I_EnterText(typebuf, 120, 0);
+#define MAXCHATLENGTH 120
+ EDUKE32_STATIC_ASSERT(MAXCHATLENGTH < TYPEBUFSIZE);
+ int32_t const hitstate = I_EnterText(typebuf, MAXCHATLENGTH, 0);
 int32_t const y = ud.screen_size > 1 ? (200-58)<<16 : (200-35)<<16;
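Review bot: The renamed field `bufsize` in MenuString_t carries no comment stating its new contract, although its meaning has changed from a character limit to the size of the destination buffer including the terminator. No initializer of these structs is touched in the hunks shown, so a reader of the header cannot tell whether existing entries were declared with a character count or with the array size. I would add `// size of the destination buffer in bytes, including the terminating null` on the field, and the same comment on `bufsize` in MenuTextForm_t (hunk at 392). Both struct definitions start outside their hunks.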