TorqueGameEngines/Torque3D
1
0
Fork 0
mirror of https://github.com/TorqueGameEngines/Torque3D.git synced 2026-03-10 16:00:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use strncat instead of strcat to prevent some buffer overflows

Browse source
This commit is contained in:
Glenn Smith 2018-03-06 00:48:44 -05:00
parent 53f35e7fb1
commit 7769da9434
32 changed files with 147 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Engine/source/core/strings/stringFunctions.h
View file

@ -32,6 +32,10 @@
#include "platform/types.h"
#endif
#ifndef _PLATFORMASSERT_H_
#include "platform/platformAssert.h"
#endif
#if defined(TORQUE_OS_WIN)
// These standard functions are not defined on Win32 and other Microsoft platforms...
#define strcasecmp _stricmp
@ -47,14 +51,22 @@
//------------------------------------------------------------------------------
// standard string functions [defined in platformString.cpp]
/// @deprecated Use dStrcat(char *, const char *, dsize_t) instead
inline char *dStrcat(char *dst, const char *src)
{
AssertFatal(false, "dStrcat without length is deprecated");
return strcat(dst,src);
}
inline char *dStrcat(char *dst, const char *src, dsize_t len)
{
return strncat(dst,src,len - 1); //Safety because strncat copies at most len+1 characters
}
inline char *dStrncat(char *dst, const char *src, dsize_t len)
{
return strncat(dst,src,len);
AssertFatal(false, "Use dStrcat with length");
return dStrcat(dst, src, len);
}
inline S32 dStrcmp(const char *str1, const char *str2)

6
Engine/source/core/strings/stringUnit.cpp
View file

@ -164,7 +164,7 @@ namespace StringUnit
// replace this unit
ret[sz] = '\0';
dStrcat(ret, replace);
dStrcat(ret, replace, 2048);
// copy remaining chunks
sz = dStrcspn(string, set); // skip chunk we're replacing
@ -172,7 +172,7 @@ namespace StringUnit
return ret;
string += sz;
dStrcat(ret, string);
dStrcat(ret, string, 2048);
return ret;
}
@ -211,7 +211,7 @@ namespace StringUnit
}
string += sz + 1; // skip the extra field delimiter
dStrcat(ret, string);
dStrcat(ret, string, 2048);
return ret;
}
}