forked from github/server
snprintf is evil and dangerous.
This commit is contained in:
parent
330bc9c13b
commit
347ff0dd77
|
@ -15,13 +15,14 @@ without prior permission by the authors of Eressea.
|
|||
|
||||
#include <util/attrib.h>
|
||||
#include <util/base36.h>
|
||||
#include <util/bsdstring.h>
|
||||
#include <util/functions.h>
|
||||
#include <util/log.h>
|
||||
|
||||
#include <kernel/config.h>
|
||||
#include <kernel/equipment.h>
|
||||
#include <kernel/faction.h>
|
||||
#include <kernel/magic.h>
|
||||
#include <kernel/spell.h>
|
||||
#include <kernel/race.h>
|
||||
#include <kernel/unit.h>
|
||||
#include <kernel/building.h>
|
||||
|
@ -77,7 +78,8 @@ static int limit_resource(const region * r, const resource_type * rtype)
|
|||
int result = -1;
|
||||
lua_State *L = (lua_State *) global.vm_state;
|
||||
|
||||
snprintf(fname, sizeof(fname), "%s_limit", rtype->_name[0]);
|
||||
strlcpy(fname, rtype->_name[0], sizeof(fname));
|
||||
strlcat(fname, "_limit", sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -105,7 +107,9 @@ produce_resource(region * r, const resource_type * rtype, int norders)
|
|||
{
|
||||
lua_State *L = (lua_State *) global.vm_state;
|
||||
char fname[64];
|
||||
snprintf(fname, sizeof(fname), "%s_produce", rtype->_name[0]);
|
||||
|
||||
strlcpy(fname, rtype->_name[0], sizeof(fname));
|
||||
strlcat(fname, "_produce", sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -245,7 +249,9 @@ static int lua_initfamiliar(unit * u)
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
char fname[64];
|
||||
int result = -1;
|
||||
snprintf(fname, sizeof(fname), "initfamiliar_%s", u->race->_name[0]);
|
||||
|
||||
strlcpy(fname, "initfamiliar_", sizeof(fname));
|
||||
strlcat(fname, u->race->_name[0], sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -267,7 +273,8 @@ static int lua_initfamiliar(unit * u)
|
|||
|
||||
create_mage(u, M_GRAY);
|
||||
|
||||
snprintf(fname, sizeof(fname), "%s_familiar", u->race->_name[0]);
|
||||
strlcpy(fname, u->race->_name[0], sizeof(fname));
|
||||
strlcat(fname, "_familiar", sizeof(fname));
|
||||
equip_unit(u, get_equipment(fname));
|
||||
return result;
|
||||
}
|
||||
|
@ -278,7 +285,9 @@ lua_changeresource(unit * u, const struct resource_type *rtype, int delta)
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
int result = -1;
|
||||
char fname[64];
|
||||
snprintf(fname, sizeof(fname), "%s_changeresource", rtype->_name[0]);
|
||||
|
||||
strlcpy(fname, rtype->_name[0], sizeof(fname));
|
||||
strlcat(fname, "_changeresource", sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -307,7 +316,9 @@ static int lua_getresource(unit * u, const struct resource_type *rtype)
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
int result = -1;
|
||||
char fname[64];
|
||||
snprintf(fname, sizeof(fname), "%s_getresource", rtype->_name[0]);
|
||||
|
||||
strlcpy(fname, rtype->_name[0], sizeof(fname));
|
||||
strlcat(fname, "_getresource", sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -398,7 +409,8 @@ static void lua_agebuilding(building * b)
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
char fname[64];
|
||||
|
||||
snprintf(fname, sizeof(fname), "age_%s", b->type->_name);
|
||||
strlcpy(fname, "age_", sizeof(fname));
|
||||
strlcat(fname, b->type->_name, sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -502,7 +514,9 @@ static int lua_equipmentcallback(const struct equipment *eq, unit * u)
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
char fname[64];
|
||||
int result = -1;
|
||||
snprintf(fname, sizeof(fname), "equip_%s", eq->name);
|
||||
|
||||
strlcpy(fname, "equip_", sizeof(fname));
|
||||
strlcat(fname, eq->name, sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -532,7 +546,9 @@ lua_useitem(struct unit *u, const struct item_type *itype, int amount,
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
int result = 0;
|
||||
char fname[64];
|
||||
snprintf(fname, sizeof(fname), "use_%s", itype->rtype->_name[0]);
|
||||
|
||||
strlcpy(fname, "use_", sizeof(fname));
|
||||
strlcat(fname, itype->rtype->_name[0], sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
@ -561,7 +577,9 @@ static int lua_recruit(struct unit *u, const struct archetype *arch, int amount)
|
|||
lua_State *L = (lua_State *) global.vm_state;
|
||||
int result = 0;
|
||||
char fname[64];
|
||||
snprintf(fname, sizeof(fname), "recruit_%s", arch->name[0]);
|
||||
|
||||
strlcpy(fname, "recruit_", sizeof(fname));
|
||||
strlcat(fname, arch->name[0], sizeof(fname));
|
||||
|
||||
lua_pushstring(L, fname);
|
||||
lua_rawget(L, LUA_GLOBALSINDEX);
|
||||
|
|
|
@ -55,6 +55,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|||
/* util includes */
|
||||
#include <util/attrib.h>
|
||||
#include <util/base36.h>
|
||||
#include <util/bsdstring.h>
|
||||
#include <util/event.h>
|
||||
#include <util/goodies.h>
|
||||
#include <util/lists.h>
|
||||
|
@ -264,7 +265,9 @@ static void add_recruits(unit * u, int number, int wanted)
|
|||
unew = create_unit(r, u->faction, number, u->race, 0, NULL, u);
|
||||
}
|
||||
|
||||
snprintf(equipment, sizeof(equipment), "new_%s_unit", u->race->_name[0]);
|
||||
strlcpy(equipment, "new_", sizeof(equipment));
|
||||
strlcat(equipment, u->race->_name[0], sizeof(equipment));
|
||||
strlcat(equipment, "_unit", sizeof(equipment));
|
||||
equip_unit(unew, get_equipment(equipment));
|
||||
|
||||
if (unew->race->ec_flags & ECF_REC_HORSES) {
|
||||
|
|
|
@ -2302,21 +2302,21 @@ static boolean display_race(faction * f, unit * u, const race * rc)
|
|||
|
||||
/* hp_p : Trefferpunkte */
|
||||
bytes =
|
||||
snprintf(bufp, size, " %d %s", rc->hitpoints, LOC(f->locale,
|
||||
slprintf(bufp, size, " %d %s", rc->hitpoints, LOC(f->locale,
|
||||
"stat_hitpoints"));
|
||||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
WARN_STATIC_BUFFER();
|
||||
|
||||
/* b_attacke : Angriff */
|
||||
bytes =
|
||||
snprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_attack"),
|
||||
slprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_attack"),
|
||||
(rc->at_default + rc->at_bonus));
|
||||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
WARN_STATIC_BUFFER();
|
||||
|
||||
/* b_defense : Verteidigung */
|
||||
bytes =
|
||||
snprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_defense"),
|
||||
slprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_defense"),
|
||||
(rc->df_default + rc->df_bonus));
|
||||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
WARN_STATIC_BUFFER();
|
||||
|
@ -2324,7 +2324,7 @@ static boolean display_race(faction * f, unit * u, const race * rc)
|
|||
/* b_armor : Rüstung */
|
||||
if (rc->armor > 0) {
|
||||
bytes =
|
||||
snprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_armor"), rc->armor);
|
||||
slprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_armor"), rc->armor);
|
||||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
WARN_STATIC_BUFFER();
|
||||
}
|
||||
|
|
|
@ -235,9 +235,9 @@ void find_manual(region * r, unit * u)
|
|||
break;
|
||||
}
|
||||
|
||||
snprintf(zLocation, sizeof(zLocation), "manual_location_%d",
|
||||
slprintf(zLocation, sizeof(zLocation), "manual_location_%d",
|
||||
(int)(rng_int() % 4));
|
||||
snprintf(zBook, sizeof(zLocation), "manual_title_%s", skillnames[skill]);
|
||||
slprintf(zBook, sizeof(zLocation), "manual_title_%s", skillnames[skill]);
|
||||
|
||||
msg = msg_message("find_manual", "unit location book", u, zLocation, zBook);
|
||||
r_addmessage(r, u->faction, msg);
|
||||
|
|
|
@ -31,6 +31,7 @@ without prior permission by the authors of Eressea.
|
|||
/* util includes */
|
||||
#include <util/attrib.h>
|
||||
#include <util/base36.h>
|
||||
#include <util/bsdstring.h>
|
||||
#include <util/language.h>
|
||||
#include <util/parser.h>
|
||||
#include <util/quicklist.h>
|
||||
|
@ -394,8 +395,7 @@ const char *alliancename(const alliance * al)
|
|||
char *ibuf = idbuf[(++nextbuf) % 8];
|
||||
|
||||
if (al && al->name) {
|
||||
snprintf(ibuf, sizeof(name), "%s (%s)", al->name, itoa36(al->id));
|
||||
ibuf[sizeof(name) - 1] = 0;
|
||||
slprintf(ibuf, sizeof(name), "%s (%s)", al->name, itoa36(al->id));
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -211,13 +211,7 @@ static char *sidename(side * s)
|
|||
static char sidename_buf[4][SIDENAMEBUFLEN]; /* STATIC_RESULT: used for return, not across calls */
|
||||
|
||||
bufno = bufno % 4;
|
||||
if (s->stealthfaction) {
|
||||
snprintf(sidename_buf[bufno], SIDENAMEBUFLEN,
|
||||
"%s", factionname(s->stealthfaction));
|
||||
} else {
|
||||
snprintf(sidename_buf[bufno], SIDENAMEBUFLEN,
|
||||
"%s", factionname(s->faction));
|
||||
}
|
||||
strlcpy(sidename_buf[bufno], factionname(s->stealthfaction?s->stealthfaction:s->faction), SIDENAMEBUFLEN);
|
||||
return sidename_buf[bufno++];
|
||||
}
|
||||
|
||||
|
@ -3850,9 +3844,8 @@ static int battle_report(battle * b)
|
|||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
WARN_STATIC_BUFFER();
|
||||
}
|
||||
snprintf(buffer, sizeof(buffer), "%s %2d(%s): ",
|
||||
slprintf(buffer, sizeof(buffer), "%s %2d(%s): ",
|
||||
loc_army, army_index(s), abbrev);
|
||||
buffer[sizeof(buffer) - 1] = 0;
|
||||
|
||||
bytes = (int)strlcpy(bufp, buffer, size);
|
||||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
|
|
|
@ -613,8 +613,7 @@ int bt_effsize(const building_type * btype, const building * b, int bsize)
|
|||
|
||||
const char *write_buildingname(const building * b, char *ibuf, size_t size)
|
||||
{
|
||||
snprintf((char *)ibuf, size, "%s (%s)", b->name, itoa36(b->no));
|
||||
ibuf[size - 1] = 0;
|
||||
slprintf(ibuf, size, "%s (%s)", b->name, itoa36(b->no));
|
||||
return ibuf;
|
||||
}
|
||||
|
||||
|
|
|
@ -1653,8 +1653,7 @@ building *largestbuilding(const region * r, cmp_building_cb cmp_gt,
|
|||
|
||||
char *write_unitname(const unit * u, char *buffer, size_t size)
|
||||
{
|
||||
snprintf((char *)buffer, size, "%s (%s)", (const char *)u->name,
|
||||
itoa36(u->no));
|
||||
slprintf(buffer, size, "%s (%s)", (const char *)u->name, itoa36(u->no));
|
||||
buffer[size - 1] = 0;
|
||||
return buffer;
|
||||
}
|
||||
|
|
|
@ -532,7 +532,7 @@ static const char *b_nameroad(const connection * b, const region * r,
|
|||
} else {
|
||||
int percent = MAX(1, 100 * local / r->terrain->max_road);
|
||||
if (local) {
|
||||
snprintf(buffer, sizeof(buffer), LOC(f->locale, mkname("border",
|
||||
slprintf(buffer, sizeof(buffer), LOC(f->locale, mkname("border",
|
||||
"a_road_percent")), percent);
|
||||
} else {
|
||||
return LOC(f->locale, mkname("border", "a_road_connection"));
|
||||
|
|
|
@ -153,8 +153,7 @@ const char *factionname(const faction * f)
|
|||
char *ibuf = idbuf[(++nextbuf) % 8];
|
||||
|
||||
if (f && f->name) {
|
||||
snprintf(ibuf, sizeof(name), "%s (%s)", f->name, itoa36(f->no));
|
||||
ibuf[sizeof(name) - 1] = 0;
|
||||
slprintf(ibuf, sizeof(name), "%s (%s)", f->name, itoa36(f->no));
|
||||
} else {
|
||||
strcpy(ibuf, "Unbekannte Partei (?)");
|
||||
}
|
||||
|
@ -226,7 +225,7 @@ faction *addfaction(const char *email, const char *password,
|
|||
addlist(&factions, f);
|
||||
fhash(f);
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s %s", LOC(loc, "factiondefault"), factionid(f));
|
||||
slprintf(buf, sizeof(buf), "%s %s", LOC(loc, "factiondefault"), factionid(f));
|
||||
f->name = strdup(buf);
|
||||
|
||||
return f;
|
||||
|
|
|
@ -2398,9 +2398,7 @@ static int hunt(unit * u, order * ord)
|
|||
}
|
||||
|
||||
bufp = command;
|
||||
bytes =
|
||||
snprintf(bufp, size, "%s %s", LOC(u->faction->locale, keywords[K_MOVE]),
|
||||
LOC(u->faction->locale, directions[dir]));
|
||||
bytes = slprintf(bufp, size, "%s %s", LOC(u->faction->locale, keywords[K_MOVE]), LOC(u->faction->locale, directions[dir]));
|
||||
if (wrptr(&bufp, &size, bytes) != 0)
|
||||
WARN_STATIC_BUFFER();
|
||||
|
||||
|
|
|
@ -41,6 +41,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|||
|
||||
/* util includes */
|
||||
#include <util/attrib.h>
|
||||
#include <util/bsdstring.h>
|
||||
#include <util/goodies.h>
|
||||
#include <util/lists.h>
|
||||
#include <util/log.h>
|
||||
|
@ -114,15 +115,14 @@ const char *write_regionname(const region * r, const faction * f, char *buffer,
|
|||
char *buf = (char *)buffer;
|
||||
const struct locale *lang = f ? f->locale : 0;
|
||||
if (r == NULL) {
|
||||
strcpy(buf, "(null)");
|
||||
strlcpy(buf, "(null)", size);
|
||||
} else {
|
||||
plane *pl = rplane(r);
|
||||
int nx = r->x, ny = r->y;
|
||||
pnormalize(&nx, &ny, pl);
|
||||
adjust_coordinates(f, &nx, &ny, pl, r);
|
||||
snprintf(buf, size, "%s (%d,%d)", rname(r, lang), nx, ny);
|
||||
slprintf(buf, size, "%s (%d,%d)", rname(r, lang), nx, ny);
|
||||
}
|
||||
buf[size - 1] = 0;
|
||||
return buffer;
|
||||
}
|
||||
|
||||
|
|
|
@ -1552,7 +1552,8 @@ int readgame(const char *filename, int mode, int backup)
|
|||
store->r_str_buf(store, basefile, sizeof(basefile));
|
||||
if (strcmp(game_name, basefile) != 0) {
|
||||
char buffer[64];
|
||||
snprintf(buffer, sizeof(buffer), "%s.xml", game_name);
|
||||
strlcpy(buffer, game_name, sizeof(buffer));
|
||||
strlcat(buffer, ".xml", sizeof(buffer));
|
||||
if (strcmp(basefile, buffer) != 0) {
|
||||
log_warning("game mismatch: datafile contains %s, game is %s\n", basefile, game_name);
|
||||
printf("WARNING: any key to continue, Ctrl-C to stop\n");
|
||||
|
|
|
@ -233,8 +233,7 @@ void free_ships(void)
|
|||
|
||||
const char *write_shipname(const ship * sh, char *ibuf, size_t size)
|
||||
{
|
||||
snprintf(ibuf, size, "%s (%s)", sh->name, itoa36(sh->no));
|
||||
ibuf[size - 1] = 0;
|
||||
slprintf(ibuf, size, "%s (%s)", sh->name, itoa36(sh->no));
|
||||
return ibuf;
|
||||
}
|
||||
|
||||
|
|
|
@ -44,6 +44,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|||
/* util includes */
|
||||
#include <util/attrib.h>
|
||||
#include <util/base36.h>
|
||||
#include <util/bsdstring.h>
|
||||
#include <util/event.h>
|
||||
#include <util/goodies.h>
|
||||
#include <util/language.h>
|
||||
|
@ -1424,7 +1425,9 @@ void name_unit(unit * u)
|
|||
} else {
|
||||
result = parameters[P_UNIT];
|
||||
}
|
||||
snprintf(name, sizeof(name), "%s %s", result, itoa36(u->no));
|
||||
strlcpy(name, result, sizeof(name));
|
||||
strlcat(name, " ", sizeof(name));
|
||||
strlcat(name, itoa36(u->no), sizeof(name));
|
||||
unit_setname(u, name);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue