fix: Replace strcpy with strlcpy to prevent potential buffer overflows (#1808)

Author: Skyaero42

Core/GameEngine/Source/Common/System/Debug.cpp

@@ -381,6 +381,7 @@ void DebugInit(int flags)
 			*(pEnd + 1) = 0;
 		}
 
+		static_assert(ARRAY_SIZE(theLogFileNamePrev) >= ARRAY_SIZE(dirbuf), "Incorrect array size");
 		strcpy(theLogFileNamePrev, dirbuf);
 		strlcat(theLogFileNamePrev, gAppPrefix, ARRAY_SIZE(theLogFileNamePrev));
 		strlcat(theLogFileNamePrev, DEBUG_FILE_NAME_PREV, ARRAY_SIZE(theLogFileNamePrev));
@@ -391,6 +392,7 @@ void DebugInit(int flags)
 		}
 		strlcat(theLogFileNamePrev, ".txt", ARRAY_SIZE(theLogFileNamePrev));
 
+		static_assert(ARRAY_SIZE(theLogFileName) >= ARRAY_SIZE(dirbuf), "Incorrect array size");
 		strcpy(theLogFileName, dirbuf);
 		strlcat(theLogFileName, gAppPrefix, ARRAY_SIZE(theLogFileNamePrev));
 		strlcat(theLogFileName, DEBUG_FILE_NAME, ARRAY_SIZE(theLogFileNamePrev));
@@ -730,9 +732,9 @@ void ReleaseCrash(const char *reason)
 		return; // We are shutting down, and TheGlobalData has been freed.  jba. [4/15/2003]
 	}
 
-	strcpy(prevbuf, TheGlobalData->getPath_UserData().str());
+	strlcpy(prevbuf, TheGlobalData->getPath_UserData().str(), ARRAY_SIZE(prevbuf));
 	strlcat(prevbuf, RELEASECRASH_FILE_NAME_PREV, ARRAY_SIZE(prevbuf));
-	strcpy(curbuf, TheGlobalData->getPath_UserData().str());
+	strlcpy(curbuf, TheGlobalData->getPath_UserData().str(), ARRAY_SIZE(curbuf));
 	strlcat(curbuf, RELEASECRASH_FILE_NAME, ARRAY_SIZE(curbuf));
 
  	remove(prevbuf);
@@ -819,9 +821,9 @@ void ReleaseCrashLocalized(const AsciiString& p, const AsciiString& m)
 	char prevbuf[ _MAX_PATH ];
 	char curbuf[ _MAX_PATH ];
 
-	strcpy(prevbuf, TheGlobalData->getPath_UserData().str());
+	strlcpy(prevbuf, TheGlobalData->getPath_UserData().str(), ARRAY_SIZE(prevbuf));
 	strlcat(prevbuf, RELEASECRASH_FILE_NAME_PREV, ARRAY_SIZE(prevbuf));
-	strcpy(curbuf, TheGlobalData->getPath_UserData().str());
+	strlcpy(curbuf, TheGlobalData->getPath_UserData().str(), ARRAY_SIZE(curbuf));
 	strlcat(curbuf, RELEASECRASH_FILE_NAME, ARRAY_SIZE(curbuf));
 
  	remove(prevbuf);

Core/GameEngine/Source/Common/System/GameMemory.cpp

@@ -2975,7 +2975,7 @@ void MemoryPoolFactory::memoryPoolUsageReport( const char* filename, FILE *appen
 	if( !appendToFileInstead )
 	{
 		char tmp[256];
-		strcpy(tmp,filename);
+		strlcpy(tmp, filename, ARRAY_SIZE(tmp));
 		strlcat(tmp, ".csv", ARRAY_SIZE(tmp));
 		perfStatsFile = fopen(tmp, "w");
 	}

Core/GameEngineDevice/Source/StdDevice/Common/StdLocalFileSystem.cpp

@@ -211,7 +211,6 @@ Bool StdLocalFileSystem::doesFileExist(const Char *filename) const
 void StdLocalFileSystem::getFileListInDirectory(const AsciiString& currentDirectory, const AsciiString& originalDirectory, const AsciiString& searchName, FilenameList & filenameList, Bool searchSubdirectories) const
 {
 
-	char search[_MAX_PATH];
 	AsciiString asciisearch;
 	asciisearch = originalDirectory;
 	asciisearch.concat(currentDirectory);
@@ -227,17 +226,15 @@ void StdLocalFileSystem::getFileListInDirectory(const AsciiString& currentDirect
 	std::replace(fixedDirectory.begin(), fixedDirectory.end(), '\\', '/');
 #endif
 
-	strcpy(search, fixedDirectory.c_str());
-
 	Bool done = FALSE;
 	std::error_code ec;
 
-	auto iter = std::filesystem::directory_iterator(search, ec);
+	auto iter = std::filesystem::directory_iterator(fixedDirectory.c_str(), ec);
 	// The default iterator constructor creates an end iterator
 	done = iter == std::filesystem::directory_iterator();
 
 	if (ec) {
-		DEBUG_LOG(("StdLocalFileSystem::getFileListInDirectory - Error opening directory %s", search));
+		DEBUG_LOG(("StdLocalFileSystem::getFileListInDirectory - Error opening directory %s", fixedDirectory.c_str()));
 		return;
 	}
 

Core/GameEngineDevice/Source/Win32Device/Common/Win32LocalFileSystem.cpp

@@ -127,16 +127,14 @@ void Win32LocalFileSystem::getFileListInDirectory(const AsciiString& currentDire
 	HANDLE fileHandle = NULL;
 	WIN32_FIND_DATA findData;
 
-	char search[_MAX_PATH];
 	AsciiString asciisearch;
 	asciisearch = originalDirectory;
 	asciisearch.concat(currentDirectory);
 	asciisearch.concat(searchName);
-	strcpy(search, asciisearch.str());
 
 	Bool done = FALSE;
 
-	fileHandle = FindFirstFile(search, &findData);
+	fileHandle = FindFirstFile(asciisearch.str(), &findData);
 	done = (fileHandle == INVALID_HANDLE_VALUE);
 
 	while (!done)	{

Core/Libraries/Source/WWVegas/WW3D2/collect.cpp

@@ -1015,7 +1015,8 @@ WW3DErrorType CollectionDefClass::Load(ChunkLoadClass & cload)
 	if (cload.Read(&header,sizeof(header)) != sizeof(header)) goto Error;
 	if (!cload.Close_Chunk()) goto Error;
 
-	strlcpy(Name,header.Name,W3D_NAME_LEN);
+	static_assert(ARRAY_SIZE(Name) >= ARRAY_SIZE(header.Name), "Incorrect array size");
+	strcpy(Name,header.Name);
 	ObjectNames.Resize(header.RenderObjectCount);
 
 	while (cload.Open_Chunk()) {

Core/Libraries/Source/WWVegas/WW3D2/hcanim.cpp

@@ -255,15 +255,17 @@ int HCompressedAnimClass::Load_W3D(ChunkLoadClass & cload)
 
 	cload.Close_Chunk();
 
-	strcpy(Name,aheader.HierarchyName);
+	static_assert(ARRAY_SIZE(Name) >= ARRAY_SIZE(aheader.HierarchyName), "Incorrect array size");
+	strcpy(Name, aheader.HierarchyName);
 	strlcat(Name, ".", ARRAY_SIZE(Name));
 	strlcat(Name, aheader.Name, ARRAY_SIZE(Name));
 
 	// TSS chasing crash bug 05/26/99
    WWASSERT(HierarchyName != NULL);
    WWASSERT(aheader.HierarchyName != NULL);
    WWASSERT(sizeof(HierarchyName) >= W3D_NAME_LEN);
-   strlcpy(HierarchyName,aheader.HierarchyName,W3D_NAME_LEN);
+	 static_assert(ARRAY_SIZE(HierarchyName) >= ARRAY_SIZE(aheader.HierarchyName), "Incorrect array size");
+	 strcpy(HierarchyName, aheader.HierarchyName);
 
 	HTreeClass * base_pose = WW3DAssetManager::Get_Instance()->Get_HTree(HierarchyName);
 	if (base_pose == NULL) {

Core/Libraries/Source/WWVegas/WW3D2/hmdldef.cpp

@@ -148,9 +148,12 @@ int HModelDefClass::Load_W3D(ChunkLoadClass & cload)
 	/*
 	** process the header info
 	*/
-	strlcpy(ModelName,header.Name,W3D_NAME_LEN);
-	strlcpy(BasePoseName,header.HierarchyName,W3D_NAME_LEN);
-	strcpy(Name,ModelName);
+	static_assert(ARRAY_SIZE(ModelName) >= ARRAY_SIZE(header.Name), "Incorrect array size");
+	static_assert(ARRAY_SIZE(BasePoseName) >= ARRAY_SIZE(header.HierarchyName), "Incorrect array size");
+	static_assert(ARRAY_SIZE(Name) >= ARRAY_SIZE(ModelName), "Incorrect array size");
+	strcpy(ModelName, header.Name);
+	strcpy(BasePoseName, header.HierarchyName);
+	strcpy(Name, ModelName);
 
 	/*
 	** Just allocate a node for the number of sub objects we're expecting
@@ -232,7 +235,8 @@ bool HModelDefClass::read_connection(ChunkLoadClass & cload,HmdlNodeDefStruct *
 		return false;
 	}
 
-	strcpy(node->RenderObjName,ModelName);
+	static_assert(ARRAY_SIZE(node->RenderObjName) >= ARRAY_SIZE(ModelName), "Incorrect array size");
+	strcpy(node->RenderObjName, ModelName);
 	strlcat(node->RenderObjName, ".", ARRAY_SIZE(node->RenderObjName));
 	strlcat(node->RenderObjName, con.RenderObjName, ARRAY_SIZE(node->RenderObjName));
 

Core/Libraries/Source/WWVegas/WW3D2/ringobj.cpp

@@ -1206,7 +1206,7 @@ RingPrototypeClass::RingPrototypeClass (void)
 RingPrototypeClass::RingPrototypeClass(RingRenderObjClass *ring)
 {
 	::memset (&Definition, 0, sizeof (Definition));
-	::strcpy (Definition.Name, ring->Get_Name ());
+	strlcpy(Definition.Name, ring->Get_Name(), ARRAY_SIZE(Definition.Name));
 
 	Definition.AnimDuration			= ring->AnimDuration;
 	Definition.Attributes			= ring->Get_Flags ();
@@ -1237,7 +1237,7 @@ RingPrototypeClass::RingPrototypeClass(RingRenderObjClass *ring)
 			filename = name;
 		}
 
-		::strcpy (Definition.TextureName, filename);
+		strlcpy(Definition.TextureName, filename, ARRAY_SIZE(Definition.TextureName));
 	}
 
 	//

Core/Libraries/Source/WWVegas/WW3D2/sphereobj.cpp

@@ -1162,7 +1162,7 @@ SpherePrototypeClass::SpherePrototypeClass (void)
 SpherePrototypeClass::SpherePrototypeClass(SphereRenderObjClass *sphere)
 {
 	::memset (&Definition, 0, sizeof (Definition));
-	::strcpy (Definition.Name, sphere->Get_Name ());
+	strlcpy(Definition.Name, sphere->Get_Name(), ARRAY_SIZE(Definition.Name));
 
 	Definition.DefaultAlpha = sphere->Get_Default_Alpha ();
 	Definition.AnimDuration = sphere->AnimDuration;
@@ -1190,7 +1190,7 @@ SpherePrototypeClass::SpherePrototypeClass(SphereRenderObjClass *sphere)
 			filename = name;
 		}
 
-		::strcpy (Definition.TextureName, filename);
+		strlcpy(Definition.TextureName, filename, ARRAY_SIZE(Definition.TextureName));
 
 	}
 

Core/Libraries/Source/WWVegas/WWDownload/FTP.cpp

@@ -1719,7 +1719,7 @@ HRESULT  Cftp::FileRecoveryPosition( LPCSTR szLocalFileName, LPCSTR szRegistryRo
 
 	// Concatenate the registry key together
 
-	strcpy( regkey, szRegistryRoot );
+	strlcpy(regkey, szRegistryRoot, ARRAY_SIZE(regkey));
 	if( regkey[ strlen( regkey ) - 1 ] != '\\' )
 	{
 		strlcat(regkey, "\\Download", ARRAY_SIZE(regkey));