Add safe_strncpy function

safe_strncpy is similar to strncpy, but makes sure buffer is null-terminated. Update most of project to use this updated function to prevent illegal memory accesses.
2026-01-22 06:23:04 +01:00 · 2015-10-30 15:18:29 +01:00
parent 653c2b2701
commit 9284930d7e
41 changed files with 208 additions and 160 deletions
--- a/src/interface/chat.c
+++ b/src/interface/chat.c
@@ -5,6 +5,7 @@
 #include "../network/network.h"
 #include "../platform/platform.h"
 #include "chat.h"
+#include "../util/util.h"

 #define CHAT_HISTORY_SIZE 10
 #define CHAT_INPUT_SIZE 256
@@ -77,14 +78,14 @@ void chat_draw()
 		if (!gChatOpen && SDL_TICKS_PASSED(SDL_GetTicks(), chat_history_get_time(i) + 10000)) {
 			break;
 		}
-		strcpy(lineBuffer, chat_history_get(i));
+		safe_strncpy(lineBuffer, chat_history_get(i), CHAT_INPUT_SIZE + 10);
 		gfx_set_dirty_blocks(x, y, x + gfx_get_string_width(lineBuffer), y + 12);
 		gfx_draw_string(dpi, lineBuffer, 255, x, y);
 	}
 	if (gChatOpen) {
 		lineCh = utf8_write_codepoint(lineCh, FORMAT_OUTLINE);
 		lineCh = utf8_write_codepoint(lineCh, FORMAT_CELADON);
-		strcpy(lineCh, _chatCurrentLine);
+		safe_strncpy(lineCh, _chatCurrentLine, CHAT_INPUT_SIZE);
 		y = _chatBottom - 10;
 		gfx_set_dirty_blocks(x, y, x + gfx_get_string_width(lineBuffer) + 7, y + 12);
 		if (_chatCaretTicks < 15) {
@@ -136,4 +137,4 @@ static uint32 chat_history_get_time(unsigned int index)
 static void chat_clear_input()
 {
 	_chatCurrentLine[0] = 0;
-}
+}
--- a/src/interface/console.c
+++ b/src/interface/console.c
@@ -17,6 +17,7 @@
 #include "../world/banner.h"
 #include "../world/scenery.h"
 #include "../management/research.h"
+#include "../util/util.h"
 #include "console.h"
 #include "window.h"
 #include "viewport.h"
@@ -187,7 +188,7 @@ void console_draw(rct_drawpixelinfo *dpi)
 		int lineLength = min(sizeof(lineBuffer) - (size_t)utf8_get_codepoint_length(FORMAT_GREEN), (size_t)(nextLine - ch));
 		lineCh = lineBuffer;
 		lineCh = utf8_write_codepoint(lineCh, FORMAT_GREEN);
-		strncpy(lineCh, ch, lineLength);
+		safe_strncpy(lineCh, ch, lineLength);
 		lineCh[lineLength] = 0;

 		gfx_draw_string(dpi, lineBuffer, 255, x, y);
--- a/src/interface/themes.c
+++ b/src/interface/themes.c
@@ -19,6 +19,7 @@
 *****************************************************************************/

 #include "../localisation/string_ids.h"
+#include "../util/util.h"
 #include "window.h"
 #include "themes.h"

@@ -193,7 +194,7 @@ void theme_create_preset(int duplicate, const char *name)
 	int preset = gConfigThemes.num_presets;
 	gConfigThemes.num_presets++;
 	gConfigThemes.presets = realloc(gConfigThemes.presets, sizeof(theme_preset) * gConfigThemes.num_presets);
-	strcpy(gConfigThemes.presets[preset].name, name);
+	safe_strncpy(gConfigThemes.presets[preset].name, name, THEME_PRESET_NAME_SIZE);
 	gConfigThemes.presets[preset].windows = malloc(sizeof(theme_window) * gNumThemeWindows);
 	for (int i = 0; i < (int)gNumThemeWindows; i++) {
 		gConfigThemes.presets[preset].windows[i] = gConfigThemes.presets[duplicate].windows[i];
@@ -234,7 +235,7 @@ void theme_rename_preset(int preset, const char *newName)
 		strcat(dest, ".ini");
 		platform_file_move(src, dest);

-		strcpy(gConfigThemes.presets[preset].name, newName);
+		safe_strncpy(gConfigThemes.presets[preset].name, newName, THEME_PRESET_NAME_SIZE);

 		if (preset == gCurrentTheme) {
 			gConfigInterface.current_theme_preset = gConfigThemes.presets[preset].name;
--- a/src/interface/title_sequences.c
+++ b/src/interface/title_sequences.c
@@ -47,7 +47,7 @@ bool title_sequence_save_exists(int preset, const char *name)
 {
 	utf8 newName[MAX_PATH];
 	char *extension = (char*)path_get_extension(name);
-	strcpy(newName, name);
+	safe_strncpy(newName, name, MAX_PATH);
 	if (_stricmp(extension, ".sv6") != 0 && _stricmp(extension, ".sc6") != 0)
 		strcat(newName, ".sv6");
 	for (int i = 0; i < gConfigTitleSequences.presets[preset].num_saves; i++) {
@@ -86,7 +86,7 @@ void title_sequence_create_preset(const char *name)
 		int preset = gConfigTitleSequences.num_presets;
 		gConfigTitleSequences.num_presets++;
 		gConfigTitleSequences.presets = realloc(gConfigTitleSequences.presets, sizeof(title_sequence) * (size_t)gConfigTitleSequences.num_presets);
-		strcpy(gConfigTitleSequences.presets[preset].name, name);
+		safe_strncpy(gConfigTitleSequences.presets[preset].name, name, TITLE_SEQUENCE_NAME_SIZE);
 		gConfigTitleSequences.presets[preset].path[0] = 0;

 		gConfigTitleSequences.presets[preset].saves = malloc(0);
@@ -112,7 +112,7 @@ void title_sequence_duplicate_preset(int duplicate, const char *name)
 		int preset = gConfigTitleSequences.num_presets;
 		gConfigTitleSequences.num_presets++;
 		gConfigTitleSequences.presets = realloc(gConfigTitleSequences.presets, sizeof(title_sequence) * (size_t)gConfigTitleSequences.num_presets);
-		strcpy(gConfigTitleSequences.presets[preset].name, name);
+		safe_strncpy(gConfigTitleSequences.presets[preset].name, name, TITLE_SEQUENCE_NAME_SIZE);
 		gConfigTitleSequences.presets[preset].path[0] = 0;

 		size_t savesSize = sizeof(char[TITLE_SEQUENCE_MAX_SAVE_LENGTH]) * gConfigTitleSequences.presets[duplicate].num_saves;
@@ -144,7 +144,7 @@ void title_sequence_duplicate_preset(int duplicate, const char *name)
 		char separator = platform_get_path_separator();
 		for (int i = 0; i < gConfigTitleSequences.presets[preset].num_saves; i++) {
 			if (gConfigTitleSequences.presets[duplicate].path[0]) {
-				strcpy(srcPath, gConfigTitleSequences.presets[duplicate].path);
+				safe_strncpy(srcPath, gConfigTitleSequences.presets[duplicate].path, MAX_PATH);
 				strcat(srcPath, gConfigTitleSequences.presets[duplicate].saves[i]);
 			}
 			else {
@@ -210,7 +210,7 @@ void title_sequence_rename_preset(int preset, const char *newName)
 		strcat(dest, newName);
 		platform_file_move(src, dest);

-		strcpy(gConfigTitleSequences.presets[preset].name, newName);
+		safe_strncpy(gConfigTitleSequences.presets[preset].name, newName, TITLE_SEQUENCE_NAME_SIZE);

 		// Rename the config preset name if needed
 		if (preset == gCurrentPreviewTitleSequence) {
@@ -224,7 +224,7 @@ void title_sequence_add_save(int preset, const char *path, const char *newName)
 {
 	utf8 newPath[MAX_PATH];
 	char *extension = (char*)path_get_extension(newName);
-	strcpy(newPath, newName);
+	safe_strncpy(newPath, newName, MAX_PATH);
 	if (_stricmp(extension, ".sv6") != 0 && _stricmp(extension, ".sc6") != 0)
 		strcat(newPath, ".sv6");
 	if (preset >= TITLE_SEQUENCE_DEFAULT_PRESETS && preset < gConfigTitleSequences.num_presets && filename_valid_characters(newPath) && !title_sequence_save_exists(preset, newPath) && platform_file_exists(path)) {
@@ -242,7 +242,7 @@ void title_sequence_add_save(int preset, const char *path, const char *newName)
 		gConfigTitleSequences.presets[preset].num_saves++;
 		gConfigTitleSequences.presets[preset].saves = realloc(gConfigTitleSequences.presets[preset].saves, sizeof(char[TITLE_SEQUENCE_MAX_SAVE_LENGTH]) * (size_t)gConfigTitleSequences.presets[preset].num_saves);

-		strcpy(gConfigTitleSequences.presets[preset].saves[gConfigTitleSequences.presets[preset].num_saves - 1], newName);
+		safe_strncpy(gConfigTitleSequences.presets[preset].saves[gConfigTitleSequences.presets[preset].num_saves - 1], newName, TITLE_SEQUENCE_MAX_SAVE_LENGTH);
 		// Add the appropriate extension if needed
 		if (_stricmp(extension, ".sv6") != 0 && _stricmp(extension, ".sc6") != 0)
 			strcat(gConfigTitleSequences.presets[preset].saves[gConfigTitleSequences.presets[preset].num_saves - 1], ".sv6");
@@ -272,7 +272,7 @@ void title_sequence_remove_save(int preset, int index)
 		}

 		for (int i = index; i < gConfigTitleSequences.presets[preset].num_saves - 1; i++) {
-			strcpy(gConfigTitleSequences.presets[preset].saves[i], gConfigTitleSequences.presets[preset].saves[i + 1]);
+			safe_strncpy(gConfigTitleSequences.presets[preset].saves[i], gConfigTitleSequences.presets[preset].saves[i + 1], TITLE_SEQUENCE_MAX_SAVE_LENGTH);
 		}
 		gConfigTitleSequences.presets[preset].num_saves--;
 		gConfigTitleSequences.presets[preset].saves = realloc(gConfigTitleSequences.presets[preset].saves, sizeof(char[TITLE_SEQUENCE_MAX_SAVE_LENGTH]) * (size_t)gConfigTitleSequences.presets[preset].num_saves);
@@ -302,7 +302,7 @@ void title_sequence_rename_save(int preset, int index, const char *newName)
 			strcat(dest, ".sv6");
 		platform_file_move(src, dest);

-		strcpy(gConfigTitleSequences.presets[preset].saves[index], newName);
+		safe_strncpy(gConfigTitleSequences.presets[preset].saves[index], newName, TITLE_SEQUENCE_MAX_SAVE_LENGTH);
 		// Add the appropriate extension if needed
 		if (_stricmp(extension, ".sv6") != 0 && _stricmp(extension, ".sc6") != 0)
 			strcat(gConfigTitleSequences.presets[preset].saves[index], ".sv6");
--- a/src/interface/widget.c
+++ b/src/interface/widget.c
@@ -26,6 +26,7 @@
 #include "window.h"
 #include "../platform/platform.h"
 #include "../localisation/localisation.h"
+#include "../util/util.h"

 static void widget_frame_draw(rct_drawpixelinfo *dpi, rct_window *w, int widgetIndex);
 static void widget_resize_draw(rct_drawpixelinfo *dpi, rct_window *w, int widgetIndex);
@@ -1174,7 +1175,7 @@ static void widget_text_box_draw(rct_drawpixelinfo *dpi, rct_window *w, int widg
 	if (!active) {

 		if (w->widgets[widgetIndex].image != 0) {
-			strcpy(wrapped_string, (char*)w->widgets[widgetIndex].image);
+			safe_strncpy(wrapped_string, (char*)w->widgets[widgetIndex].image, 512);
 			gfx_wrap_string(wrapped_string, r - l - 5, &no_lines, &font_height);
 			gfx_draw_string(dpi, wrapped_string, w->colours[1], l + 2, t);
 		}
@@ -1182,7 +1183,7 @@ static void widget_text_box_draw(rct_drawpixelinfo *dpi, rct_window *w, int widg
 	}


-	strcpy(wrapped_string, gTextBoxInput);
+	safe_strncpy(wrapped_string, gTextBoxInput, 512);

 	// String length needs to add 12 either side of box
 	// +13 for cursor when max length.