From 7769da9434ab7f3ccbac40daf7d34d4f02444594 Mon Sep 17 00:00:00 2001 From: Glenn Smith Date: Tue, 6 Mar 2018 00:48:44 -0500 Subject: [PATCH] Use strncat instead of strcat to prevent some buffer overflows --- Engine/source/T3D/shapeImage.cpp | 2 +- Engine/source/afx/arcaneFX.cpp | 6 +- Engine/source/afx/rpg/afxRPGMagicSpell.cpp | 2 +- Engine/source/app/net/net.cpp | 4 +- Engine/source/console/codeInterpreter.cpp | 22 +++--- Engine/source/console/compiledEval.cpp | 4 +- Engine/source/console/console.cpp | 4 +- Engine/source/console/consoleFunctions.cpp | 6 +- Engine/source/console/consoleInternal.cpp | 18 ++--- Engine/source/console/consoleObject.cpp | 12 +-- Engine/source/console/fieldBrushObject.cpp | 2 +- Engine/source/console/persistenceManager.cpp | 8 +- Engine/source/console/scriptFilename.cpp | 2 +- Engine/source/console/simFieldDictionary.cpp | 2 +- Engine/source/console/simObject.cpp | 12 +-- Engine/source/console/telnetDebugger.cpp | 10 +-- Engine/source/core/strings/stringFunctions.h | 14 +++- Engine/source/core/strings/stringUnit.cpp | 6 +- Engine/source/gfx/gl/sdl/gfxGLDevice.sdl.cpp | 2 +- Engine/source/gui/containers/guiFormCtrl.cpp | 4 +- .../gui/controls/guiDirectoryFileListCtrl.cpp | 2 +- Engine/source/gui/controls/guiListBoxCtrl.cpp | 2 +- Engine/source/gui/editor/guiFilterCtrl.cpp | 4 +- .../source/gui/worldEditor/terrainEditor.cpp | 8 +- .../source/materials/materialDefinition.cpp | 10 +-- Engine/source/platform/profiler.cpp | 4 +- Engine/source/platformPOSIX/posixVolume.cpp | 2 +- .../source/platformWin32/winDInputDevice.cpp | 14 ++-- Engine/source/platformWin32/winFileio.cpp | 9 ++- Engine/source/sim/actionMap.cpp | 78 +++++++++---------- Engine/source/sim/netStringTable.cpp | 2 +- Engine/source/terrain/terrData.cpp | 4 +- 32 files changed, 147 insertions(+), 134 deletions(-) diff --git a/Engine/source/T3D/shapeImage.cpp b/Engine/source/T3D/shapeImage.cpp index 627e8e433..4319baa4e 100644 --- a/Engine/source/T3D/shapeImage.cpp +++ b/Engine/source/T3D/shapeImage.cpp @@ -522,7 +522,7 @@ bool ShapeBaseImageData::preload(bool server, String &errorStr) if (stateSequence[j] && stateSequence[j][0] && stateSequenceRandomFlash[j]) { char bufferVis[128]; dStrncpy(bufferVis, stateSequence[j], 100); - dStrcat(bufferVis, "_vis"); + dStrcat(bufferVis, "_vis", 128); s.sequenceVis[i] = shape[i]->findSequence(bufferVis); } if (s.sequenceVis[i] != -1) diff --git a/Engine/source/afx/arcaneFX.cpp b/Engine/source/afx/arcaneFX.cpp index 59da040ea..8ec0e9760 100644 --- a/Engine/source/afx/arcaneFX.cpp +++ b/Engine/source/afx/arcaneFX.cpp @@ -908,7 +908,7 @@ ConsoleFunction(echoThru, const char*, 2, 0, "(string passthru, string text...)" char *ret = Con::getReturnBuffer(len + 1); ret[0] = 0; for(i = 2; i < argc; i++) - dStrcat(ret, argv[i]); + dStrcat(ret, argv[i], len); Con::printf("%s -- [%s]", ret, argv[1].getStringValue()); ret[0] = 0; @@ -928,7 +928,7 @@ ConsoleFunction(warnThru, const char*, 2, 0, "(string passthru, string text...)" char *ret = Con::getReturnBuffer(len + 1); ret[0] = 0; for(i = 2; i < argc; i++) - dStrcat(ret, argv[i]); + dStrcat(ret, argv[i], len); Con::warnf("%s -- [%s]", ret, argv[1].getStringValue()); ret[0] = 0; @@ -948,7 +948,7 @@ ConsoleFunction(errorThru, const char*, 2, 0, "(string passthru, string text...) char *ret = Con::getReturnBuffer(len + 1); ret[0] = 0; for(i = 2; i < argc; i++) - dStrcat(ret, argv[i]); + dStrcat(ret, argv[i], len); Con::errorf("%s -- [%s]", ret, argv[1].getStringValue()); ret[0] = 0; diff --git a/Engine/source/afx/rpg/afxRPGMagicSpell.cpp b/Engine/source/afx/rpg/afxRPGMagicSpell.cpp index dae982fa8..6490ad260 100644 --- a/Engine/source/afx/rpg/afxRPGMagicSpell.cpp +++ b/Engine/source/afx/rpg/afxRPGMagicSpell.cpp @@ -227,7 +227,7 @@ char* afxRPGMagicSpellData::formatDesc(char* buffer, int len) const { dStrcpy(target_str, _afxRPGMagicSpell_TargetType::_sEnumTable[i].mName); if (spell_target != TARGET_FREE && target_optional) - dStrcat(target_str, " (opt)"); + dStrcat(target_str, " (opt)", 32); } break; } diff --git a/Engine/source/app/net/net.cpp b/Engine/source/app/net/net.cpp index ab08da057..f668d2651 100644 --- a/Engine/source/app/net/net.cpp +++ b/Engine/source/app/net/net.cpp @@ -129,7 +129,7 @@ if(conn->isConnectionToServer()) { dStrcpy(mBuf, "clientCmd"); - dStrcat(mBuf, rmtCommandName); + dStrcat(mBuf, rmtCommandName, 1024); char *temp = mArgv[1]; mArgv[1] = mBuf; @@ -140,7 +140,7 @@ else { dStrcpy(mBuf, "serverCmd"); - dStrcat(mBuf, rmtCommandName); + dStrcat(mBuf, rmtCommandName, 1024); char *temp = mArgv[1]; dSprintf(idBuf, sizeof(idBuf), "%d", conn->getId()); diff --git a/Engine/source/console/codeInterpreter.cpp b/Engine/source/console/codeInterpreter.cpp index a0e13502f..0b5986fda 100644 --- a/Engine/source/console/codeInterpreter.cpp +++ b/Engine/source/console/codeInterpreter.cpp @@ -420,13 +420,13 @@ exitLabel: if (gEvalState.traceOn) { sTraceBuffer[0] = 0; - dStrcat(sTraceBuffer, "Leaving "); + dStrcat(sTraceBuffer, "Leaving ", 1024); if (packageName) { - dStrcat(sTraceBuffer, "["); - dStrcat(sTraceBuffer, packageName); - dStrcat(sTraceBuffer, "]"); + dStrcat(sTraceBuffer, "[", 1024); + dStrcat(sTraceBuffer, packageName, 1024); + dStrcat(sTraceBuffer, "]", 1024); } if (thisNamespace && thisNamespace->mName) { @@ -471,13 +471,13 @@ void CodeInterpreter::parseArgs(U32 &ip) if (gEvalState.traceOn) { sTraceBuffer[0] = 0; - dStrcat(sTraceBuffer, "Entering "); + dStrcat(sTraceBuffer, "Entering ", 1024); if (mExec.packageName) { - dStrcat(sTraceBuffer, "["); - dStrcat(sTraceBuffer, mExec.packageName); - dStrcat(sTraceBuffer, "]"); + dStrcat(sTraceBuffer, "[", 1024); + dStrcat(sTraceBuffer, mExec.packageName, 1024); + dStrcat(sTraceBuffer, "]", 1024); } if (mExec.thisNamespace && mExec.thisNamespace->mName) { @@ -491,11 +491,11 @@ void CodeInterpreter::parseArgs(U32 &ip) } for (S32 i = 0; i < wantedArgc; i++) { - dStrcat(sTraceBuffer, mExec.argv[i + 1]); + dStrcat(sTraceBuffer, mExec.argv[i + 1], 1024); if (i != wantedArgc - 1) - dStrcat(sTraceBuffer, ", "); + dStrcat(sTraceBuffer, ", ", 1024); } - dStrcat(sTraceBuffer, ")"); + dStrcat(sTraceBuffer, ")", 1024); Con::printf("%s", sTraceBuffer); } diff --git a/Engine/source/console/compiledEval.cpp b/Engine/source/console/compiledEval.cpp index dc6f8a5f5..73969afb2 100644 --- a/Engine/source/console/compiledEval.cpp +++ b/Engine/source/console/compiledEval.cpp @@ -70,9 +70,9 @@ namespace Con ret[0] = 0; for (walk = ns; walk; walk = walk->mParent) { - dStrcat(ret, walk->mName); + dStrcat(ret, walk->mName, size); if (walk->mParent) - dStrcat(ret, " -> "); + dStrcat(ret, " -> ", size); } return ret; } diff --git a/Engine/source/console/console.cpp b/Engine/source/console/console.cpp index c3779de63..ff204a448 100644 --- a/Engine/source/console/console.cpp +++ b/Engine/source/console/console.cpp @@ -2176,8 +2176,8 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor } // Format the output path. - dStrncat(pathBuffer, "/", sizeof(pathBuffer) - 1 - strlen(pathBuffer)); - dStrncat(pathBuffer, pSrc, sizeof(pathBuffer) - 1 - strlen(pathBuffer)); + dStrcat(pathBuffer, "/", sizeof(pathBuffer) - 1 - strlen(pathBuffer)); + dStrcat(pathBuffer, pSrc, sizeof(pathBuffer) - 1 - strlen(pathBuffer)); // Are we ensuring the trailing slash? if (ensureTrailingSlash) diff --git a/Engine/source/console/consoleFunctions.cpp b/Engine/source/console/consoleFunctions.cpp index df89a788a..16c20c3c3 100644 --- a/Engine/source/console/consoleFunctions.cpp +++ b/Engine/source/console/consoleFunctions.cpp @@ -1889,7 +1889,7 @@ ConsoleFunction( echo, void, 2, 0, "( string message... ) " char *ret = Con::getReturnBuffer(len + 1); ret[0] = 0; for(i = 1; i < argc; i++) - dStrcat(ret, argv[i]); + dStrcat(ret, argv[i], len); Con::printf("%s", ret); ret[0] = 0; @@ -1913,7 +1913,7 @@ ConsoleFunction( warn, void, 2, 0, "( string message... ) " char *ret = Con::getReturnBuffer(len + 1); ret[0] = 0; for(i = 1; i < argc; i++) - dStrcat(ret, argv[i]); + dStrcat(ret, argv[i], len); Con::warnf(ConsoleLogEntry::General, "%s", ret); ret[0] = 0; @@ -1937,7 +1937,7 @@ ConsoleFunction( error, void, 2, 0, "( string message... ) " char *ret = Con::getReturnBuffer(len + 1); ret[0] = 0; for(i = 1; i < argc; i++) - dStrcat(ret, argv[i]); + dStrcat(ret, argv[i], len); Con::errorf(ConsoleLogEntry::General, "%s", ret); ret[0] = 0; diff --git a/Engine/source/console/consoleInternal.cpp b/Engine/source/console/consoleInternal.cpp index eadee5d7b..3f5c78f67 100644 --- a/Engine/source/console/consoleInternal.cpp +++ b/Engine/source/console/consoleInternal.cpp @@ -900,21 +900,21 @@ DefineEngineFunction(backtrace, void, (), , buf[0] = 0; for (U32 i = 0; i < gEvalState.getStackDepth(); i++) { - dStrcat(buf, "->"); + dStrcat(buf, "->", totalSize); if (gEvalState.stack[i]->scopeNamespace && gEvalState.stack[i]->scopeNamespace->mEntryList->mPackage) { - dStrcat(buf, "["); - dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mEntryList->mPackage); - dStrcat(buf, "]"); + dStrcat(buf, "[", totalSize); + dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mEntryList->mPackage, totalSize); + dStrcat(buf, "]", totalSize); } if (gEvalState.stack[i]->scopeNamespace && gEvalState.stack[i]->scopeNamespace->mName) { - dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mName); - dStrcat(buf, "::"); + dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mName, totalSize); + dStrcat(buf, "::", totalSize); } if (gEvalState.stack[i]->scopeName) - dStrcat(buf, gEvalState.stack[i]->scopeName); + dStrcat(buf, gEvalState.stack[i]->scopeName, totalSize); } Con::printf("BackTrace: %s", buf); @@ -1362,7 +1362,7 @@ void Namespace::addScriptCallback(const char *funcName, const char *usage, Conso char lilBuffer[32]; dStrcpy(buffer, funcName); dSprintf(lilBuffer, 32, "_%d_cb", uid++); - dStrcat(buffer, lilBuffer); + dStrcat(buffer, lilBuffer, 1024); Entry *ent = createLocalEntry(StringTable->insert(buffer)); trashCache(); @@ -1383,7 +1383,7 @@ void Namespace::markGroup(const char* name, const char* usage) char lilBuffer[32]; dStrcpy(buffer, name); dSprintf(lilBuffer, 32, "_%d", uid++); - dStrcat(buffer, lilBuffer); + dStrcat(buffer, lilBuffer, 1024); Entry *ent = createLocalEntry(StringTable->insert(buffer)); trashCache(); diff --git a/Engine/source/console/consoleObject.cpp b/Engine/source/console/consoleObject.cpp index e1744c5e1..32c84f20b 100644 --- a/Engine/source/console/consoleObject.cpp +++ b/Engine/source/console/consoleObject.cpp @@ -356,7 +356,7 @@ void ConsoleObject::addGroup(const char* in_pGroupname, const char* in_pGroupDoc char* pFieldNameBuf = suppressSpaces(in_pGroupname); // Append group type to fieldname. - dStrcat(pFieldNameBuf, "_begingroup"); + dStrcat(pFieldNameBuf, "_begingroup", 1024); // Create Field. AbstractClassRep::Field f; @@ -385,7 +385,7 @@ void ConsoleObject::endGroup(const char* in_pGroupname) char* pFieldNameBuf = suppressSpaces(in_pGroupname); // Append group type to fieldname. - dStrcat(pFieldNameBuf, "_endgroup"); + dStrcat(pFieldNameBuf, "_endgroup", 1024); // Create Field. AbstractClassRep::Field f; @@ -407,7 +407,7 @@ void ConsoleObject::endGroup(const char* in_pGroupname) void ConsoleObject::addArray( const char *arrayName, S32 count ) { char *nameBuff = suppressSpaces(arrayName); - dStrcat(nameBuff, "_beginarray"); + dStrcat(nameBuff, "_beginarray", 1024); // Create Field. AbstractClassRep::Field f; @@ -430,7 +430,7 @@ void ConsoleObject::addArray( const char *arrayName, S32 count ) void ConsoleObject::endArray( const char *arrayName ) { char *nameBuff = suppressSpaces(arrayName); - dStrcat(nameBuff, "_endarray"); + dStrcat(nameBuff, "_endarray", 1024); // Create Field. AbstractClassRep::Field f; @@ -776,8 +776,8 @@ static const char* returnClassList( Vector< AbstractClassRep* >& classes, U32 bu dStrcpy( ret, classes[ 0 ]->getClassName() ); for( U32 i = 1; i < classes.size(); i ++ ) { - dStrcat( ret, "\t" ); - dStrcat( ret, classes[ i ]->getClassName() ); + dStrcat( ret, "\t", bufSize ); + dStrcat( ret, classes[ i ]->getClassName(), bufSize ); } return ret; diff --git a/Engine/source/console/fieldBrushObject.cpp b/Engine/source/console/fieldBrushObject.cpp index 407a57cb3..e96387cae 100644 --- a/Engine/source/console/fieldBrushObject.cpp +++ b/Engine/source/console/fieldBrushObject.cpp @@ -275,7 +275,7 @@ DefineConsoleMethod(FieldBrushObject, queryFields, const char*, (const char* sim // Copy string element. dStrcpy( tempBuf, StringUnit::getUnit( groupList, groupIndex, " \t\n" ) ); // Append internal name. - dStrcat( tempBuf, "_begingroup" ); + dStrcat( tempBuf, "_begingroup", 256 ); // Store Group. groups.push_back( StringTable->insert( tempBuf ) ); } diff --git a/Engine/source/console/persistenceManager.cpp b/Engine/source/console/persistenceManager.cpp index c4af549ed..db7b7254e 100644 --- a/Engine/source/console/persistenceManager.cpp +++ b/Engine/source/console/persistenceManager.cpp @@ -967,10 +967,10 @@ void PersistenceManager::updateToken( const U32 lineNumber, const U32 linePositi // Build the new line with the // preString + newValue + postString - dStrcat(newLine, preString); + dStrcat(newLine, preString, newLineLen); if ( newValue ) - dStrcat(newLine, newValue); - dStrcat(newLine, postString); + dStrcat(newLine, newValue, newLineLen); + dStrcat(newLine, postString, newLineLen); // Clear our existing line if (mLineBuffer[lineNumber]) @@ -1243,7 +1243,7 @@ PersistenceManager::ParsedObject* PersistenceManager::writeNewObject(SimObject* char* indent = getObjectIndent(parentObject); if (parentObject) - dStrcat(indent, " \0"); + dStrcat(indent, " \0", 2048); // Write out the beginning of the object declaration const char* dclToken = "new"; diff --git a/Engine/source/console/scriptFilename.cpp b/Engine/source/console/scriptFilename.cpp index 7a72756af..9455826f7 100644 --- a/Engine/source/console/scriptFilename.cpp +++ b/Engine/source/console/scriptFilename.cpp @@ -325,7 +325,7 @@ bool collapseScriptFilename(char *filename, U32 size, const char *src) *filename = 0; if(*test[i].replace) dSprintf(filename, size, "%s/", test[i].replace); - dStrcat(filename, rel); + dStrcat(filename, rel, size); return true; } diff --git a/Engine/source/console/simFieldDictionary.cpp b/Engine/source/console/simFieldDictionary.cpp index f68a8689b..397b51d23 100644 --- a/Engine/source/console/simFieldDictionary.cpp +++ b/Engine/source/console/simFieldDictionary.cpp @@ -281,7 +281,7 @@ void SimFieldDictionary::writeFields(SimObject *obj, Stream &stream, U32 tabStop dSprintf(expandedBuffer, nBufferSize, "%s%s%s = \"", typeName, *typeName ? " " : "", (*itr)->slotName); if ((*itr)->value) expandEscape((char*)expandedBuffer + dStrlen(expandedBuffer), (*itr)->value); - dStrcat(expandedBuffer, "\";\r\n"); + dStrcat(expandedBuffer, "\";\r\n", nBufferSize); stream.write(dStrlen(expandedBuffer), expandedBuffer); } diff --git a/Engine/source/console/simObject.cpp b/Engine/source/console/simObject.cpp index ef688228f..0d2e5eb32 100644 --- a/Engine/source/console/simObject.cpp +++ b/Engine/source/console/simObject.cpp @@ -347,7 +347,7 @@ void SimObject::writeFields(Stream &stream, U32 tabStop) } expandEscape((char*)expandedBuffer + dStrlen(expandedBuffer), val); - dStrcat(expandedBuffer, "\";\r\n"); + dStrcat(expandedBuffer, "\";\r\n", expandedBufferSize); stream.writeTabs(tabStop); stream.write(dStrlen(expandedBuffer),expandedBuffer); @@ -1029,7 +1029,7 @@ void SimObject::setDataField(StringTableEntry slotName, const char *array, const { char buf[256]; dStrcpy(buf, slotName); - dStrcat(buf, array); + dStrcat(buf, array, 256); StringTableEntry permanentSlotName = StringTable->insert(buf); mFieldDictionary->setFieldValue(permanentSlotName, value); onDynamicModified( permanentSlotName, value ); @@ -1070,7 +1070,7 @@ const char *SimObject::getDataField(StringTableEntry slotName, const char *array { static char buf[256]; dStrcpy(buf, slotName); - dStrcat(buf, array); + dStrcat(buf, array, 256); if (const char* val = mFieldDictionary->getFieldValue(StringTable->insert(buf))) return val; } @@ -1311,7 +1311,7 @@ U32 SimObject::getDataFieldType( StringTableEntry slotName, const char* array ) { static char buf[256]; dStrcpy( buf, slotName ); - dStrcat( buf, array ); + dStrcat( buf, array, 256 ); return mFieldDictionary->getFieldType( StringTable->insert( buf ) ); } @@ -1334,7 +1334,7 @@ void SimObject::setDataFieldType(const U32 fieldTypeId, StringTableEntry slotNam { static char buf[256]; dStrcpy( buf, slotName ); - dStrcat( buf, array ); + dStrcat( buf, array, 256 ); mFieldDictionary->setFieldType( StringTable->insert( buf ), fieldTypeId ); onDynamicModified( slotName, mFieldDictionary->getFieldValue(slotName) ); @@ -1355,7 +1355,7 @@ void SimObject::setDataFieldType(const char *typeName, StringTableEntry slotName { static char buf[256]; dStrcpy( buf, slotName ); - dStrcat( buf, array ); + dStrcat( buf, array, 256 ); StringTableEntry permanentSlotName = StringTable->insert(buf); mFieldDictionary->setFieldType( permanentSlotName, typeName ); diff --git a/Engine/source/console/telnetDebugger.cpp b/Engine/source/console/telnetDebugger.cpp index 7db6e9710..7cb39dc83 100644 --- a/Engine/source/console/telnetDebugger.cpp +++ b/Engine/source/console/telnetDebugger.cpp @@ -470,19 +470,19 @@ void TelnetDebugger::sendBreak() if ( ns ) { if ( ns->mParent && ns->mParent->mPackage && ns->mParent->mPackage[0] ) { - dStrcat( scope, ns->mParent->mPackage ); - dStrcat( scope, "::" ); + dStrcat( scope, ns->mParent->mPackage, MaxCommandSize ); + dStrcat( scope, "::", MaxCommandSize ); } if ( ns->mName && ns->mName[0] ) { - dStrcat( scope, ns->mName ); - dStrcat( scope, "::" ); + dStrcat( scope, ns->mName, MaxCommandSize ); + dStrcat( scope, "::", MaxCommandSize ); } } const char *function = gEvalState.stack[i]->scopeName; if ((!function) || (!function[0])) function = ""; - dStrcat( scope, function ); + dStrcat( scope, function, MaxCommandSize ); U32 line=0, inst; U32 ip = gEvalState.stack[i]->ip; diff --git a/Engine/source/core/strings/stringFunctions.h b/Engine/source/core/strings/stringFunctions.h index 6a3d54548..4c79bf32d 100644 --- a/Engine/source/core/strings/stringFunctions.h +++ b/Engine/source/core/strings/stringFunctions.h @@ -32,6 +32,10 @@ #include "platform/types.h" #endif +#ifndef _PLATFORMASSERT_H_ +#include "platform/platformAssert.h" +#endif + #if defined(TORQUE_OS_WIN) // These standard functions are not defined on Win32 and other Microsoft platforms... #define strcasecmp _stricmp @@ -47,14 +51,22 @@ //------------------------------------------------------------------------------ // standard string functions [defined in platformString.cpp] +/// @deprecated Use dStrcat(char *, const char *, dsize_t) instead inline char *dStrcat(char *dst, const char *src) { + AssertFatal(false, "dStrcat without length is deprecated"); return strcat(dst,src); } +inline char *dStrcat(char *dst, const char *src, dsize_t len) +{ + return strncat(dst,src,len - 1); //Safety because strncat copies at most len+1 characters +} + inline char *dStrncat(char *dst, const char *src, dsize_t len) { - return strncat(dst,src,len); + AssertFatal(false, "Use dStrcat with length"); + return dStrcat(dst, src, len); } inline S32 dStrcmp(const char *str1, const char *str2) diff --git a/Engine/source/core/strings/stringUnit.cpp b/Engine/source/core/strings/stringUnit.cpp index dc666f38c..0012d60e6 100644 --- a/Engine/source/core/strings/stringUnit.cpp +++ b/Engine/source/core/strings/stringUnit.cpp @@ -164,7 +164,7 @@ namespace StringUnit // replace this unit ret[sz] = '\0'; - dStrcat(ret, replace); + dStrcat(ret, replace, 2048); // copy remaining chunks sz = dStrcspn(string, set); // skip chunk we're replacing @@ -172,7 +172,7 @@ namespace StringUnit return ret; string += sz; - dStrcat(ret, string); + dStrcat(ret, string, 2048); return ret; } @@ -211,7 +211,7 @@ namespace StringUnit } string += sz + 1; // skip the extra field delimiter - dStrcat(ret, string); + dStrcat(ret, string, 2048); return ret; } } diff --git a/Engine/source/gfx/gl/sdl/gfxGLDevice.sdl.cpp b/Engine/source/gfx/gl/sdl/gfxGLDevice.sdl.cpp index 3f3245c91..d909750b9 100644 --- a/Engine/source/gfx/gl/sdl/gfxGLDevice.sdl.cpp +++ b/Engine/source/gfx/gl/sdl/gfxGLDevice.sdl.cpp @@ -129,7 +129,7 @@ void GFXGLDevice::enumerateAdapters( Vector &adapterList ) if (renderer) { dStrcpy(toAdd->mName, renderer); - dStrncat(toAdd->mName, " OpenGL", GFXAdapter::MaxAdapterNameLen); + dStrcat(toAdd->mName, " OpenGL", GFXAdapter::MaxAdapterNameLen); } else dStrcpy(toAdd->mName, "OpenGL"); diff --git a/Engine/source/gui/containers/guiFormCtrl.cpp b/Engine/source/gui/containers/guiFormCtrl.cpp index f94e6c234..a185af1e2 100644 --- a/Engine/source/gui/containers/guiFormCtrl.cpp +++ b/Engine/source/gui/containers/guiFormCtrl.cpp @@ -219,8 +219,8 @@ bool GuiFormCtrl::resize(const Point2I &newPosition, const Point2I &newExtent) for(S32 i=strlen; i>=0; --i) { dStrcpy(buf, ""); - dStrncat(buf, (const char*)mCaption, i); - dStrcat(buf, "..."); + dStrcat(buf, (const char*)mCaption, i); + dStrcat(buf, "...", i); textWidth = mProfile->mFont->getStrWidth(buf); diff --git a/Engine/source/gui/controls/guiDirectoryFileListCtrl.cpp b/Engine/source/gui/controls/guiDirectoryFileListCtrl.cpp index c244af658..420ddc575 100644 --- a/Engine/source/gui/controls/guiDirectoryFileListCtrl.cpp +++ b/Engine/source/gui/controls/guiDirectoryFileListCtrl.cpp @@ -195,7 +195,7 @@ DefineEngineMethod( GuiDirectoryFileListCtrl, getSelectedFiles, const char*, (), dMemset( itemBuffer, 0, itemBufSize ); dSprintf( itemBuffer, itemBufSize, " %s", itemText ); - dStrcat( returnBuffer, itemBuffer ); + dStrcat( returnBuffer, itemBuffer, itemBufSize ); } return returnBuffer; diff --git a/Engine/source/gui/controls/guiListBoxCtrl.cpp b/Engine/source/gui/controls/guiListBoxCtrl.cpp index 8c0dabb11..d47914d3d 100644 --- a/Engine/source/gui/controls/guiListBoxCtrl.cpp +++ b/Engine/source/gui/controls/guiListBoxCtrl.cpp @@ -458,7 +458,7 @@ DefineEngineMethod( GuiListBoxCtrl, getSelectedItems, const char*, (),, { UTF8 retFormat[12]; dSprintf( retFormat, 12, "%d ", (*i) ); - dStrcat( retBuffer, retFormat ); + dStrcat( retBuffer, retFormat, 12 ); } return retBuffer; diff --git a/Engine/source/gui/editor/guiFilterCtrl.cpp b/Engine/source/gui/editor/guiFilterCtrl.cpp index a00d4f670..6b7662bd5 100644 --- a/Engine/source/gui/editor/guiFilterCtrl.cpp +++ b/Engine/source/gui/editor/guiFilterCtrl.cpp @@ -70,8 +70,8 @@ DefineConsoleMethod( GuiFilterCtrl, getValue, const char*, (), , "Return a tuple for (U32 i=0; i < filter->size(); i++) { char value[32]; - dSprintf(value, 31, "%1.5f ", *(filter->begin()+i) ); - dStrcat(buffer, value); + dSprintf(value, 32, "%1.5f ", *(filter->begin()+i) ); + dStrcat(buffer, value, 32); } return buffer; diff --git a/Engine/source/gui/worldEditor/terrainEditor.cpp b/Engine/source/gui/worldEditor/terrainEditor.cpp index 59d8adaca..8e81d84e3 100644 --- a/Engine/source/gui/worldEditor/terrainEditor.cpp +++ b/Engine/source/gui/worldEditor/terrainEditor.cpp @@ -2495,8 +2495,8 @@ DefineConsoleMethod(TerrainEditor, getTerrainBlocksMaterialList, const char *, ( ret[0] = 0; for(U32 i = 0; i < list.size(); ++i) { - dStrcat( ret, list[i] ); - dStrcat( ret, "\n" ); + dStrcat( ret, list[i], size ); + dStrcat( ret, "\n", size ); } return ret; @@ -2709,8 +2709,8 @@ DefineConsoleMethod(TerrainEditor, getMaterials, const char *, (), , "() gets th ret[0] = 0; for(U32 i = 0; i < terr->getMaterialCount(); i++) { - dStrcat( ret, terr->getMaterialName(i) ); - dStrcat( ret, "\n" ); + dStrcat( ret, terr->getMaterialName(i), 4096 ); + dStrcat( ret, "\n", 4096 ); } return ret; diff --git a/Engine/source/materials/materialDefinition.cpp b/Engine/source/materials/materialDefinition.cpp index d4ec8ed7d..d116fe0f3 100644 --- a/Engine/source/materials/materialDefinition.cpp +++ b/Engine/source/materials/materialDefinition.cpp @@ -661,28 +661,28 @@ DefineConsoleMethod( Material, getAnimFlags, const char*, (U32 id), , "" ) if(dStrcmp( animFlags, "" ) == 0) dStrcpy( animFlags, "$Rotate" ); else - dStrcat( animFlags, " | $Rotate"); + dStrcat( animFlags, " | $Rotate", 512); } if(object->mAnimFlags[ id ] & Material::Wave) { if(dStrcmp( animFlags, "" ) == 0) dStrcpy( animFlags, "$Wave" ); else - dStrcat( animFlags, " | $Wave"); + dStrcat( animFlags, " | $Wave", 512); } if(object->mAnimFlags[ id ] & Material::Scale) { if(dStrcmp( animFlags, "" ) == 0) dStrcpy( animFlags, "$Scale" ); else - dStrcat( animFlags, " | $Scale"); + dStrcat( animFlags, " | $Scale", 512); } if(object->mAnimFlags[ id ] & Material::Sequence) { if(dStrcmp( animFlags, "" ) == 0) dStrcpy( animFlags, "$Sequence" ); else - dStrcat( animFlags, " | $Sequence"); + dStrcat( animFlags, " | $Sequence", 512); } return animFlags; @@ -718,4 +718,4 @@ bool Material::_setAccuEnabled( void *object, const char *index, const char *dat AccumulationVolume::refreshVolumes(); } return true; -} \ No newline at end of file +} diff --git a/Engine/source/platform/profiler.cpp b/Engine/source/platform/profiler.cpp index 444679284..e70eb6c02 100644 --- a/Engine/source/platform/profiler.cpp +++ b/Engine/source/platform/profiler.cpp @@ -329,8 +329,8 @@ const char * Profiler::constructProfilePath(ProfilerData * pd) U32 mark = FrameAllocator::getWaterMark(); char * buf = (char*)FrameAllocator::alloc(len+1); dStrcpy(buf,pd->mParent->mPath); - dStrcat(buf,connector); - dStrcat(buf,pd->mRoot->mName); + dStrcat(buf,connector,len); + dStrcat(buf,pd->mRoot->mName,len); const char * ret = StringTable->insert(buf); FrameAllocator::setWaterMark(mark); diff --git a/Engine/source/platformPOSIX/posixVolume.cpp b/Engine/source/platformPOSIX/posixVolume.cpp index 0f39bea3c..271df1e18 100644 --- a/Engine/source/platformPOSIX/posixVolume.cpp +++ b/Engine/source/platformPOSIX/posixVolume.cpp @@ -585,7 +585,7 @@ bool Platform::FS::InstallFileSystems() { // add trailing '/' if it isn't there if (buffer[dStrlen(buffer) - 1] != '/') - dStrcat(buffer, "/"); + dStrcat(buffer, "/", PATH_MAX); Platform::FS::SetCwd(buffer); } diff --git a/Engine/source/platformWin32/winDInputDevice.cpp b/Engine/source/platformWin32/winDInputDevice.cpp index a88f9ff1d..1bfed04f8 100644 --- a/Engine/source/platformWin32/winDInputDevice.cpp +++ b/Engine/source/platformWin32/winDInputDevice.cpp @@ -1552,25 +1552,25 @@ const char* DInputDevice::getJoystickAxesString() switch ( mObjInfo[i].mInst ) { case SI_XAXIS: - dStrcat( buf, "\tX" ); + dStrcat( buf, "\tX", 64 ); break; case SI_YAXIS: - dStrcat( buf, "\tY" ); + dStrcat( buf, "\tY", 64 ); break; case SI_ZAXIS: - dStrcat( buf, "\tZ" ); + dStrcat( buf, "\tZ", 64 ); break; case SI_RXAXIS: - dStrcat( buf, "\tR" ); + dStrcat( buf, "\tR", 64 ); break; case SI_RYAXIS: - dStrcat( buf, "\tU" ); + dStrcat( buf, "\tU", 64 ); break; case SI_RZAXIS: - dStrcat( buf, "\tV" ); + dStrcat( buf, "\tV", 64 ); break; case SI_SLIDER: - dStrcat( buf, "\tS" ); + dStrcat( buf, "\tS", 64 ); break; } } diff --git a/Engine/source/platformWin32/winFileio.cpp b/Engine/source/platformWin32/winFileio.cpp index 85f8676a3..1fba156f5 100644 --- a/Engine/source/platformWin32/winFileio.cpp +++ b/Engine/source/platformWin32/winFileio.cpp @@ -158,7 +158,8 @@ bool dPathCopy(const char *fromName, const char *toName, bool nooverwrite) Platform::clearExcludedDirectories(); - TempAlloc< char > tempBuf( to.size * 3 + MAX_PATH * 3 ); + S32 tempBufSize = to.size * 3 + MAX_PATH * 3; + TempAlloc< char > tempBuf( tempBufSize ); // Create all the directories. for (S32 i = 0; i < directoryInfo.size(); i++) @@ -168,7 +169,7 @@ bool dPathCopy(const char *fromName, const char *toName, bool nooverwrite) char* toDir = tempBuf; Platform::makeFullPathName(fromDir + dStrlen(fromName) + (dStricmp(fromDir, fromName) ? 1 : 0), tempBuf, tempBuf.size, toName); if(*(toDir + dStrlen(toDir) - 1) != '/') - dStrcat(toDir, "/"); + dStrcat(toDir, "/", tempBufSize); forwardslash(toDir); if (!Platform::createPath(toDir)) @@ -191,8 +192,8 @@ bool dPathCopy(const char *fromName, const char *toName, bool nooverwrite) char* toFile = tempBuf; Platform::makeFullPathName(fileInfo[i].pFullPath + dStrlen(fromName) + (dStricmp(fileInfo[i].pFullPath, fromName) ? 1 : 0), tempBuf, tempBuf.size, toName); - dStrcat(toFile, "/"); - dStrcat(toFile, fileInfo[i].pFileName); + dStrcat(toFile, "/", tempBufSize); + dStrcat(toFile, fileInfo[i].pFileName, tempBufSize); backslash(fromFile); backslash(toFile); diff --git a/Engine/source/sim/actionMap.cpp b/Engine/source/sim/actionMap.cpp index 841f3e39b..4e5f6948a 100644 --- a/Engine/source/sim/actionMap.cpp +++ b/Engine/source/sim/actionMap.cpp @@ -249,7 +249,7 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const iostrm->write( dStrlen( lineBuffer ), lineBuffer ); } - dSprintf(lineBuffer, 1023, "if (isObject(%s)) %s.delete();\n" + dSprintf(lineBuffer, 1024, "if (isObject(%s)) %s.delete();\n" "new ActionMap(%s);\n", getName(), getName(), getName()); iostrm->write(dStrlen(lineBuffer), lineBuffer); @@ -277,7 +277,7 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const else command = "bind"; - dSprintf(lineBuffer, 1023, "%s.%s(%s, \"%s%s\"", + dSprintf(lineBuffer, 1024, "%s.%s(%s, \"%s%s\"", getName(), command, devbuffer, @@ -298,53 +298,53 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const buff[curr++] = 'I'; buff[curr] = '\0'; - dStrcat(lineBuffer, buff); + dStrcat(lineBuffer, buff, 1024); } if (rNode.flags & Node::HasDeadZone) { char buff[64]; dSprintf(buff, 63, ", \"%g %g\"", rNode.deadZoneBegin, rNode.deadZoneEnd); - dStrcat(lineBuffer, buff); + dStrcat(lineBuffer, buff, 1024); } if (rNode.flags & Node::HasScale) { char buff[64]; dSprintf(buff, 63, ", %g", rNode.scaleFactor); - dStrcat(lineBuffer, buff); + dStrcat(lineBuffer, buff, 1024); } if (rNode.flags & Node::BindCmd) { if (rNode.makeConsoleCommand) { - dStrcat(lineBuffer, ", \""); + dStrcat(lineBuffer, ", \"", 1024); U32 pos = dStrlen(lineBuffer); expandEscape(lineBuffer + pos, rNode.makeConsoleCommand); - dStrcat(lineBuffer, "\""); + dStrcat(lineBuffer, "\"", 1024); } else { - dStrcat(lineBuffer, ", \"\""); + dStrcat(lineBuffer, ", \"\"", 1024); } if (rNode.breakConsoleCommand) { - dStrcat(lineBuffer, ", \""); + dStrcat(lineBuffer, ", \"", 1024); U32 pos = dStrlen(lineBuffer); expandEscape(lineBuffer + pos, rNode.breakConsoleCommand); - dStrcat(lineBuffer, "\""); + dStrcat(lineBuffer, "\"", 1024); } else - dStrcat(lineBuffer, ", \"\""); + dStrcat(lineBuffer, ", \"\"", 1024); } else if (rNode.flags & Node::Held) { - dStrcat(lineBuffer, ", "); - dStrcat(lineBuffer, rNode.consoleFunction); + dStrcat(lineBuffer, ", ", 1024); + dStrcat(lineBuffer, rNode.consoleFunction, 1024); - dStrcat(lineBuffer, ", "); - dStrcat(lineBuffer, rNode.contextEvent->mConsoleFunctionHeld); + dStrcat(lineBuffer, ", ", 1024); + dStrcat(lineBuffer, rNode.contextEvent->mConsoleFunctionHeld, 1024); } else { - dStrcat(lineBuffer, ", "); - dStrcat(lineBuffer, rNode.consoleFunction); + dStrcat(lineBuffer, ", ", 1024); + dStrcat(lineBuffer, rNode.consoleFunction, 1024); } - dStrcat(lineBuffer, ");\n"); + dStrcat(lineBuffer, ");\n", 1024); iostrm->write(dStrlen(lineBuffer), lineBuffer); } } @@ -377,7 +377,7 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const command = "bind"; char finalBuffer[1024]; - dSprintf(finalBuffer, 1023, "%s.%s(%s, \"%s%s\"", + dSprintf(finalBuffer, 1024, "%s.%s(%s, \"%s%s\"", getName(), command, devbuffer, @@ -398,51 +398,51 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const buff[curr++] = 'I'; buff[curr] = '\0'; - dStrcat(finalBuffer, buff); + dStrcat(finalBuffer, buff, 1024); } if (rNode.flags & Node::HasDeadZone) { char buff[64]; dSprintf(buff, 63, ", \"%g %g\"", rNode.deadZoneBegin, rNode.deadZoneEnd); - dStrcat(finalBuffer, buff); + dStrcat(finalBuffer, buff, 1024); } if (rNode.flags & Node::HasScale) { char buff[64]; dSprintf(buff, 63, ", %g", rNode.scaleFactor); - dStrcat(finalBuffer, buff); + dStrcat(finalBuffer, buff, 1024); } if (rNode.flags & Node::BindCmd) { if (rNode.makeConsoleCommand) { - dStrcat(finalBuffer, ", \""); - dStrcat(finalBuffer, rNode.makeConsoleCommand); - dStrcat(finalBuffer, "\""); + dStrcat(finalBuffer, ", \"", 1024); + dStrcat(finalBuffer, rNode.makeConsoleCommand, 1024); + dStrcat(finalBuffer, "\"", 1024); } else { - dStrcat(finalBuffer, ", \"\""); + dStrcat(finalBuffer, ", \"\"", 1024); } if (rNode.breakConsoleCommand) { - dStrcat(finalBuffer, ", \""); - dStrcat(finalBuffer, rNode.breakConsoleCommand); - dStrcat(finalBuffer, "\""); + dStrcat(finalBuffer, ", \"", 1024); + dStrcat(finalBuffer, rNode.breakConsoleCommand, 1024); + dStrcat(finalBuffer, "\"", 1024); } else - dStrcat(finalBuffer, ", \"\""); + dStrcat(finalBuffer, ", \"\"", 1024); } else if (rNode.flags & Node::Held) { - dStrcat(finalBuffer, ", "); - dStrcat(finalBuffer, rNode.consoleFunction); + dStrcat(finalBuffer, ", ", 1024); + dStrcat(finalBuffer, rNode.consoleFunction, 1024); - dStrcat(finalBuffer, ", "); - dStrcat(finalBuffer, rNode.contextEvent->mConsoleFunctionHeld); + dStrcat(finalBuffer, ", ", 1024); + dStrcat(finalBuffer, rNode.contextEvent->mConsoleFunctionHeld, 1024); } else { - dStrcat(finalBuffer, ", "); - dStrcat(finalBuffer, rNode.consoleFunction); + dStrcat(finalBuffer, ", ", 1024); + dStrcat(finalBuffer, rNode.consoleFunction, 1024); } - dStrcat(finalBuffer, ");"); + dStrcat(finalBuffer, ");", 1024); Con::printf(finalBuffer); } } @@ -786,8 +786,8 @@ const char* ActionMap::getBinding( const char* command ) { dSprintf( buffer, sizeof( buffer ), "%s\t%s%s", deviceBuffer, modifierString, keyBuffer ); if ( returnString[0] ) - dStrcat( returnString, "\t" ); - dStrcat( returnString, buffer ); + dStrcat( returnString, "\t", 1024 ); + dStrcat( returnString, buffer, 1024 ); } } diff --git a/Engine/source/sim/netStringTable.cpp b/Engine/source/sim/netStringTable.cpp index 117d0a020..d1a25e826 100644 --- a/Engine/source/sim/netStringTable.cpp +++ b/Engine/source/sim/netStringTable.cpp @@ -239,7 +239,7 @@ void NetStringTable::expandString(NetStringHandle &inString, char *buf, U32 bufS } buf[bufSize - 1] = 0; } else { - dStrcat(buf, ""); + dStrcat(buf, "", bufSize); } } diff --git a/Engine/source/terrain/terrData.cpp b/Engine/source/terrain/terrData.cpp index a97ec7e98..8665fa9f4 100644 --- a/Engine/source/terrain/terrData.cpp +++ b/Engine/source/terrain/terrData.cpp @@ -1306,7 +1306,7 @@ DefineEngineMethod( TerrainBlock, save, bool, ( const char* fileName),, dStrcpy(filename,fileName); char *ext = dStrrchr(filename, '.'); if (!ext || dStricmp(ext, ".ter") != 0) - dStrcat(filename, ".ter"); + dStrcat(filename, ".ter", 256); return static_cast(object)->save(filename); } @@ -1316,7 +1316,7 @@ DefineEngineMethod( TerrainBlock, save, bool, ( const char* fileName),, // dStrcpy(filename,argv[2]); // char *ext = dStrrchr(filename, '.'); // if (!ext || dStricmp(ext, ".ter") != 0) -// dStrcat(filename, ".ter"); +// dStrcat(filename, ".ter", 256); // return static_cast(object)->save(filename); //}