Merge pull request #2219 from CouleeApps/security-fixes

Security Fixes: String Buffers
Areloch 2018-03-16 23:48:19 -05:00 committed by GitHub
commit 71ac83fc9f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
127 changed files with 667 additions and 582 deletions


@ -167,8 +167,9 @@ bool guiAnimBitmapCtrl::ptSetFrameRanges(void *object, const char *index, const
pData->mCurFrameIndex = pData->mNumFrames;
return true;
}
char* tokCopy = new char[dStrlen(data) + 1];
dStrcpy(tokCopy, data);
dsize_t tokLen = dStrlen(data) + 1;
char* tokCopy = new char[tokLen];
dStrcpy(tokCopy, data, tokLen);
char* currTok = dStrtok(tokCopy, " \t");
while (currTok != NULL)
@ -291,4 +292,4 @@ void guiAnimBitmapCtrl::onRender(Point2I offset, const RectI &updateRect)
}
renderChildControls(offset, updateRect);
}
}


@ -195,7 +195,7 @@ DefineEngineMethod( GuiDirectoryFileListCtrl, getSelectedFiles, const char*, (),
dMemset( itemBuffer, 0, itemBufSize );
dSprintf( itemBuffer, itemBufSize, " %s", itemText );
dStrcat( returnBuffer, itemBuffer );
dStrcat( returnBuffer, itemBuffer, itemBufSize );
}
return returnBuffer;
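Review bot: The bound passed in `dStrcat( returnBuffer, itemBuffer, itemBufSize )` is the size of the source scratch buffer, not of `returnBuffer`, which is the buffer being appended to. If the new third argument is the destination capacity, as the `dStrcpy` calls elsewhere in this commit use it, the append is limited by the wrong buffer: the list is either cut off at the length of one item or, if `returnBuffer` is smaller than `itemBufSize`, still not protected. Pass the size `returnBuffer` was allocated with, e.g. `dStrcat( returnBuffer, itemBuffer, returnBufSize );`, where `returnBufSize` is a placeholder for the length used by the allocation outside this hunk. The same pattern appears in GuiListBoxCtrl's getSelectedItems, where `dStrcat( retBuffer, retFormat, 12 )` passes the size of `retFormat`.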


@ -276,7 +276,7 @@ void GuiFileTreeCtrl::recurseInsert( Item* parent, StringTableEntry path )
char szPathCopy [ 1024 ];
dMemset( szPathCopy, 0, 1024 );
dStrcpy( szPathCopy, path );
dStrcpy( szPathCopy, path, 1024 );
// Jump over the first character if it's a root /
char *curPos = szPathCopy;
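Review bot: `dStrcpy( szPathCopy, path, 1024 )` repeats the array length as a literal, so the bound and the declaration `char szPathCopy [ 1024 ]` can drift apart in a later edit. Since the destination is a local array, `dStrcpy( szPathCopy, path, sizeof(szPathCopy) );` keeps the two tied together, and the `dMemset` on the line above could take the same expression. The same applies to the literal bounds in setBitmap (`1024`), addScheme (`64`) and getTextToRoot (`1024`, `128`), where the arrays are declared in the hunk or already measured with `sizeof`. For `e.buf` in addEntry the declaration is not visible here, so the `256` needs checking against the Entry definition. recurseInsert's body continues outside the hunk.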


@ -458,7 +458,7 @@ DefineEngineMethod( GuiListBoxCtrl, getSelectedItems, const char*, (),,
{
UTF8 retFormat[12];
dSprintf( retFormat, 12, "%d ", (*i) );
dStrcat( retBuffer, retFormat );
dStrcat( retBuffer, retFormat, 12 );
}
return retBuffer;


@ -566,13 +566,14 @@ void GuiPopUpMenuCtrl::setBitmap( const char *name )
{
char buffer[1024];
char *p;
dStrcpy(buffer, name);
dStrcpy(buffer, name, 1024);
p = buffer + dStrlen(buffer);
S32 pLen = 1024 - dStrlen(buffer);
dStrcpy(p, "_n");
dStrcpy(p, "_n", pLen);
mTextureNormal = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureNormal (line %d)", __FUNCTION__, __LINE__) );
dStrcpy(p, "_d");
dStrcpy(p, "_d", pLen);
mTextureDepressed = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureDepressed (line %d)", __FUNCTION__, __LINE__) );
if ( !mTextureDepressed )
mTextureDepressed = mTextureNormal;
@ -637,7 +638,7 @@ void GuiPopUpMenuCtrl::addEntry( const char *buf, S32 id, U32 scheme )
mIdMax = id;
Entry e;
dStrcpy( e.buf, buf );
dStrcpy( e.buf, buf, 256 );
e.id = id;
e.scheme = scheme;


@ -390,7 +390,7 @@ DefineEngineMethod( GuiPopUpMenuCtrlEx, addScheme, void, (S32 id, ColorI fontCol
U32 r, g, b;
char buf[64];
dStrcpy( buf, argv[3] );
dStrcpy( buf, argv[3], 64 );
char* temp = dStrtok( buf, " \0" );
r = temp ? dAtoi( temp ) : 0;
temp = dStrtok( NULL, " \0" );
@ -399,7 +399,7 @@ DefineEngineMethod( GuiPopUpMenuCtrlEx, addScheme, void, (S32 id, ColorI fontCol
b = temp ? dAtoi( temp ) : 0;
fontColor.set( r, g, b );
dStrcpy( buf, argv[4] );
dStrcpy( buf, argv[4], 64 );
temp = dStrtok( buf, " \0" );
r = temp ? dAtoi( temp ) : 0;
temp = dStrtok( NULL, " \0" );
@ -408,7 +408,7 @@ DefineEngineMethod( GuiPopUpMenuCtrlEx, addScheme, void, (S32 id, ColorI fontCol
b = temp ? dAtoi( temp ) : 0;
fontColorHL.set( r, g, b );
dStrcpy( buf, argv[5] );
dStrcpy( buf, argv[5], 64 );
temp = dStrtok( buf, " \0" );
r = temp ? dAtoi( temp ) : 0;
temp = dStrtok( NULL, " \0" );
@ -426,7 +426,7 @@ DefineEngineMethod( GuiPopUpMenuCtrlEx, addScheme, void, (S32 id, ColorI fontCol
// U32 r, g, b;
// char buf[64];
//
// dStrcpy( buf, argv[3] );
// dStrcpy( buf, argv[3], 64 );
// char* temp = dStrtok( buf, " \0" );
// r = temp ? dAtoi( temp ) : 0;
// temp = dStrtok( NULL, " \0" );
@ -435,7 +435,7 @@ DefineEngineMethod( GuiPopUpMenuCtrlEx, addScheme, void, (S32 id, ColorI fontCol
// b = temp ? dAtoi( temp ) : 0;
// fontColor.set( r, g, b );
//
// dStrcpy( buf, argv[4] );
// dStrcpy( buf, argv[4], 64 );
// temp = dStrtok( buf, " \0" );
// r = temp ? dAtoi( temp ) : 0;
// temp = dStrtok( NULL, " \0" );
@ -444,7 +444,7 @@ DefineEngineMethod( GuiPopUpMenuCtrlEx, addScheme, void, (S32 id, ColorI fontCol
// b = temp ? dAtoi( temp ) : 0;
// fontColorHL.set( r, g, b );
//
// dStrcpy( buf, argv[5] );
// dStrcpy( buf, argv[5], 64 );
// temp = dStrtok( buf, " \0" );
// r = temp ? dAtoi( temp ) : 0;
// temp = dStrtok( NULL, " \0" );
@ -771,13 +771,14 @@ void GuiPopUpMenuCtrlEx::setBitmap(const char *name)
{
char buffer[1024];
char *p;
dStrcpy(buffer, name);
dStrcpy(buffer, name, 1024);
p = buffer + dStrlen(buffer);
S32 pLen = 1024 - dStrlen(buffer);
dStrcpy(p, "_n");
dStrcpy(p, "_n", pLen);
mTextureNormal = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureNormal (line %d)", __FUNCTION__, __LINE__) );
dStrcpy(p, "_d");
dStrcpy(p, "_d", pLen);
mTextureDepressed = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureDepressed (line %d)", __FUNCTION__, __LINE__) );
if ( !mTextureDepressed )
mTextureDepressed = mTextureNormal;
@ -840,7 +841,7 @@ void GuiPopUpMenuCtrlEx::addEntry(const char *buf, S32 id, U32 scheme)
mIdMax = id;
Entry e;
dStrcpy( e.buf, buf );
dStrcpy( e.buf, buf, 256 );
e.id = id;
e.scheme = scheme;
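Review bot: The hunks at -426, -435 and -444 change only lines that are commented out (`// dStrcpy( buf, argv[3], 64 );` and the two like it), so they add review surface without changing any compiled code. I would drop those three hunks from this commit, or delete the commented-out copy of addScheme in a separate cleanup, so that the security change touches live call sites only. The commented block starts and ends outside the hunks, so whether all of it is dead cannot be confirmed from here.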


@ -50,7 +50,7 @@ GuiTabPageCtrl::GuiTabPageCtrl(void)
{
setExtent(Point2I(100, 200));
mFitBook = false;
dStrcpy(mText,(UTF8*)"TabPage");
dStrcpy(mText,(UTF8*)"TabPage", MAX_STRING_LENGTH);
mActive = true;
mIsContainer = true;
}


@ -4754,15 +4754,15 @@ StringTableEntry GuiTreeViewCtrl::getTextToRoot( S32 itemId, const char * delimi
dMemset( bufferOne, 0, sizeof(bufferOne) );
dMemset( bufferTwo, 0, sizeof(bufferTwo) );
dStrcpy( bufferOne, item->getText() );
dStrcpy( bufferOne, item->getText(), 1024 );
Item *prevNode = item->mParent;
while ( prevNode )
{
dMemset( bufferNodeText, 0, sizeof(bufferNodeText) );
dStrcpy( bufferNodeText, prevNode->getText() );
dStrcpy( bufferNodeText, prevNode->getText(), 128 );
dSprintf( bufferTwo, 1024, "%s%s%s",bufferNodeText, delimiter, bufferOne );
dStrcpy( bufferOne, bufferTwo );
dStrcpy( bufferOne, bufferTwo, 1024 );
dMemset( bufferTwo, 0, sizeof(bufferTwo) );
prevNode = prevNode->mParent;
}
@ -5570,4 +5570,4 @@ DefineEngineMethod(GuiTreeViewCtrl, getItemAtPosition, S32, (Point2I position),
"@return The id of the item under the position.")
{
return object->getItemAtPosition(position);
}
}