fix: Replace strcpy with strlcpy for robustness #1712
Conversation
Skyaero42
added
Minor
Skyaero42
force-pushed
the
skyaero/strcpy-to-strlcpy
branch
from
498a8e9 to
db9bc33
Compare
Skyaero42
force-pushed
the
skyaero/strcpy-to-strlcpy
branch
from
db9bc33 to
a11e0e0
Compare
Skyaero42
changed the title
This comment was marked as off-topic.
This comment was marked as off-topic.
xezon
left a comment
xezon
left a comment
There was a problem hiding this comment.
The Munkees really loved their string buffers.
Before continuing this change, I think we need another change that gets rid of all the redundant and obsolete buffer copies that I have raised in this review. I don't know if I caught them all, so more reviewing is required.
| return buffer; | ||
| } | ||
| strcpy(buffer, w3d_name); | ||
| strlcpy(buffer, w3d_name, ARRAY_SIZE(buffer)); |
Skyaero42
force-pushed
the
skyaero/strcpy-to-strlcpy
branch
2 times, most recently
from
cd6da64 to
994e0df
Compare
Skyaero42
force-pushed
the
skyaero/strcpy-to-strlcpy
branch
5 times, most recently
from
38188de to
40dee38
Compare
|
Changes addressing review comments added in a separate commit |
Skyaero42
force-pushed
the
skyaero/strcpy-to-strlcpy
branch
from
40dee38 to
fd90bbe
Compare
GeneralsMD/Code/GameEngineDevice/Source/W3DDevice/GameClient/Water/W3DWaterTracks.cpp
Show resolved
Hide resolved
GeneralsMD/Code/GameEngine/Source/GameLogic/System/GameLogic.cpp
Outdated
Show resolved
Hide resolved
xezon
left a comment
xezon
left a comment
There was a problem hiding this comment.
This change now contains a bunch of edits that do not relate to strcpy replacements, but simplifications to get rid of unnecessary strcpy and related junk. How about we move them to a separate Pull Request?
| WWASSERT(name != NULL); | ||
| WWASSERT(strlen(name) < 2*W3D_NAME_LEN); | ||
| strcpy(Name,name); | ||
| strlcpy(Name, name, ARRAY_SIZE(Name)); |
There was a problem hiding this comment.
Use assert like in SphereRenderObjClass::Set_Name
|
|
||
| // Copy all characters from start to end (excluding 'end') | ||
| // into the w3d_name buffer. Then capitalize the string. | ||
| int num_chars = end - start; |
| return buffer; | ||
| } | ||
| strcpy(buffer, w3d_name); | ||
| strlcpy(buffer, w3d_name, ARRAY_SIZE(buffer)); |
| strcpy(s_buf, fname); | ||
| strlcpy(s_buf, fname, ARRAY_SIZE(s_buf)); | ||
|
|
||
| char tmp[256]; |
|
|
||
| // copy over the full path and filename | ||
| strcpy( m_savePathAndFilename, fullPathAndFilename ); | ||
| strlcpy(m_savePathAndFilename, fullPathAndFilename, ARRAY_SIZE(m_saveFilename)); |
| strlcat(curbuf, ".ini", ARRAY_SIZE(curbuf)); | ||
| strlcat(buffer, name.str(), ARRAY_SIZE(buffer)); | ||
| strlcat(buffer, "_BuildList", ARRAY_SIZE(buffer)); | ||
| strlcat(buffer, ".ini", ARRAY_SIZE(buffer)); |
| char buffer[ _MAX_PATH ]; | ||
| ::GetModuleFileName( NULL, buffer, sizeof( buffer ) ); | ||
| char *pEnd = buffer + strlen( buffer ); | ||
| while( pEnd != buffer ) |
There was a problem hiding this comment.
This thing here looks like a poor mans strrchr and can be simplied. There are 3 of these per game in code base. Can do in separate change because is not directly related to strcpy.
|
|
||
| FilenameList filenameList; | ||
| TheFileSystem->getFileListInDirectory(AsciiString(dirBuf), AsciiString("*.w3d"), filenameList, FALSE); | ||
| TheFileSystem->getFileListInDirectory(AsciiString(".\\data\\Editor\\Molds\\"), AsciiString("*.w3d"), filenameList, FALSE); |
There was a problem hiding this comment.
Remove AsciiString. You already did in another file too.
| strlcat(fileBuf, "/", ARRAY_SIZE(findBuf)); | ||
| strlcat(fileBuf, token.str(), ARRAY_SIZE(findBuf)); | ||
| strlcpy(fileBuf, TEST_STRING, ARRAY_SIZE(fileBuf)); | ||
| strlcat(fileBuf, "/", ARRAY_SIZE(fileBuf)); |
There was a problem hiding this comment.
Can merge this cat with the one above. TEST_STRING "/" is valid.
|
Obsoleted pull |
3 participants
Replacing
strcpyforstrlcpywhere applicableTODO: