snprintf is evil and dangerous.

src/bindings/helpers.c

@@ -15,13 +15,14 @@ without prior permission by the authors of Eressea.
 
 #include <util/attrib.h>
 #include <util/base36.h>
+#include <util/bsdstring.h>
 #include <util/functions.h>
 #include <util/log.h>
 
 #include <kernel/config.h>
 #include <kernel/equipment.h>
 #include <kernel/faction.h>
-#include <kernel/magic.h>
+#include <kernel/spell.h>
 #include <kernel/race.h>
 #include <kernel/unit.h>
 #include <kernel/building.h>
@@ -77,7 +78,8 @@ static int limit_resource(const region * r, const resource_type * rtype)
   int result = -1;
   lua_State *L = (lua_State *) global.vm_state;
 
-  snprintf(fname, sizeof(fname), "%s_limit", rtype->_name[0]);
+  strlcpy(fname, rtype->_name[0], sizeof(fname));
+  strlcat(fname, "_limit", sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -105,7 +107,9 @@ produce_resource(region * r, const resource_type * rtype, int norders)
 {
   lua_State *L = (lua_State *) global.vm_state;
   char fname[64];
-  snprintf(fname, sizeof(fname), "%s_produce", rtype->_name[0]);
+
+  strlcpy(fname, rtype->_name[0], sizeof(fname));
+  strlcat(fname, "_produce", sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -245,7 +249,9 @@ static int lua_initfamiliar(unit * u)
   lua_State *L = (lua_State *) global.vm_state;
   char fname[64];
   int result = -1;
-  snprintf(fname, sizeof(fname), "initfamiliar_%s", u->race->_name[0]);
+
+  strlcpy(fname, "initfamiliar_", sizeof(fname));
+  strlcat(fname, u->race->_name[0], sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -267,7 +273,8 @@ static int lua_initfamiliar(unit * u)
 
   create_mage(u, M_GRAY);
 
-  snprintf(fname, sizeof(fname), "%s_familiar", u->race->_name[0]);
+  strlcpy(fname, u->race->_name[0], sizeof(fname));
+  strlcat(fname, "_familiar", sizeof(fname));
   equip_unit(u, get_equipment(fname));
   return result;
 }
@@ -278,7 +285,9 @@ lua_changeresource(unit * u, const struct resource_type *rtype, int delta)
   lua_State *L = (lua_State *) global.vm_state;
   int result = -1;
   char fname[64];
-  snprintf(fname, sizeof(fname), "%s_changeresource", rtype->_name[0]);
+
+  strlcpy(fname, rtype->_name[0], sizeof(fname));
+  strlcat(fname, "_changeresource", sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -307,7 +316,9 @@ static int lua_getresource(unit * u, const struct resource_type *rtype)
   lua_State *L = (lua_State *) global.vm_state;
   int result = -1;
   char fname[64];
-  snprintf(fname, sizeof(fname), "%s_getresource", rtype->_name[0]);
+
+  strlcpy(fname, rtype->_name[0], sizeof(fname));
+  strlcat(fname, "_getresource", sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -398,7 +409,8 @@ static void lua_agebuilding(building * b)
   lua_State *L = (lua_State *) global.vm_state;
   char fname[64];
 
-  snprintf(fname, sizeof(fname), "age_%s", b->type->_name);
+  strlcpy(fname, "age_", sizeof(fname));
+  strlcat(fname, b->type->_name, sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -502,7 +514,9 @@ static int lua_equipmentcallback(const struct equipment *eq, unit * u)
   lua_State *L = (lua_State *) global.vm_state;
   char fname[64];
   int result = -1;
-  snprintf(fname, sizeof(fname), "equip_%s", eq->name);
+
+  strlcpy(fname, "equip_", sizeof(fname));
+  strlcat(fname, eq->name, sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -532,7 +546,9 @@ lua_useitem(struct unit *u, const struct item_type *itype, int amount,
   lua_State *L = (lua_State *) global.vm_state;
   int result = 0;
   char fname[64];
-  snprintf(fname, sizeof(fname), "use_%s", itype->rtype->_name[0]);
+
+  strlcpy(fname, "use_", sizeof(fname));
+  strlcat(fname, itype->rtype->_name[0], sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);
@@ -561,7 +577,9 @@ static int lua_recruit(struct unit *u, const struct archetype *arch, int amount)
   lua_State *L = (lua_State *) global.vm_state;
   int result = 0;
   char fname[64];
-  snprintf(fname, sizeof(fname), "recruit_%s", arch->name[0]);
+
+  strlcpy(fname, "recruit_", sizeof(fname));
+  strlcat(fname, arch->name[0], sizeof(fname));
 
   lua_pushstring(L, fname);
   lua_rawget(L, LUA_GLOBALSINDEX);

src/gamecode/economy.c

@@ -55,6 +55,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 /* util includes */
 #include <util/attrib.h>
 #include <util/base36.h>
+#include <util/bsdstring.h>
 #include <util/event.h>
 #include <util/goodies.h>
 #include <util/lists.h>
@@ -264,7 +265,9 @@ static void add_recruits(unit * u, int number, int wanted)
       unew = create_unit(r, u->faction, number, u->race, 0, NULL, u);
     }
 
-    snprintf(equipment, sizeof(equipment), "new_%s_unit", u->race->_name[0]);
+    strlcpy(equipment, "new_", sizeof(equipment));
+    strlcat(equipment, u->race->_name[0], sizeof(equipment));
+    strlcat(equipment, "_unit", sizeof(equipment));
     equip_unit(unew, get_equipment(equipment));
 
     if (unew->race->ec_flags & ECF_REC_HORSES) {

src/gamecode/laws.c

@@ -2302,21 +2302,21 @@ static boolean display_race(faction * f, unit * u, const race * rc)
 
   /* hp_p : Trefferpunkte */
   bytes =
-    snprintf(bufp, size, " %d %s", rc->hitpoints, LOC(f->locale,
+    slprintf(bufp, size, " %d %s", rc->hitpoints, LOC(f->locale,
       "stat_hitpoints"));
   if (wrptr(&bufp, &size, bytes) != 0)
     WARN_STATIC_BUFFER();
 
   /* b_attacke : Angriff */
   bytes =
-    snprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_attack"),
+    slprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_attack"),
     (rc->at_default + rc->at_bonus));
   if (wrptr(&bufp, &size, bytes) != 0)
     WARN_STATIC_BUFFER();
 
   /* b_defense : Verteidigung */
   bytes =
-    snprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_defense"),
+    slprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_defense"),
     (rc->df_default + rc->df_bonus));
   if (wrptr(&bufp, &size, bytes) != 0)
     WARN_STATIC_BUFFER();
@@ -2324,7 +2324,7 @@ static boolean display_race(faction * f, unit * u, const race * rc)
   /* b_armor : Rüstung */
   if (rc->armor > 0) {
     bytes =
-      snprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_armor"), rc->armor);
+      slprintf(bufp, size, ", %s: %d", LOC(f->locale, "stat_armor"), rc->armor);
     if (wrptr(&bufp, &size, bytes) != 0)
       WARN_STATIC_BUFFER();
   }

src/gamecode/randenc.c

@@ -235,9 +235,9 @@ void find_manual(region * r, unit * u)
       break;
   }
 
-  snprintf(zLocation, sizeof(zLocation), "manual_location_%d",
+  slprintf(zLocation, sizeof(zLocation), "manual_location_%d",
     (int)(rng_int() % 4));
-  snprintf(zBook, sizeof(zLocation), "manual_title_%s", skillnames[skill]);
+  slprintf(zBook, sizeof(zLocation), "manual_title_%s", skillnames[skill]);
 
   msg = msg_message("find_manual", "unit location book", u, zLocation, zBook);
   r_addmessage(r, u->faction, msg);

src/kernel/alliance.c

@@ -31,6 +31,7 @@ without prior permission by the authors of Eressea.
 /* util includes */
 #include <util/attrib.h>
 #include <util/base36.h>
+#include <util/bsdstring.h>
 #include <util/language.h>
 #include <util/parser.h>
 #include <util/quicklist.h>
@@ -394,8 +395,7 @@ const char *alliancename(const alliance * al)
   char *ibuf = idbuf[(++nextbuf) % 8];
 
   if (al && al->name) {
-    snprintf(ibuf, sizeof(name), "%s (%s)", al->name, itoa36(al->id));
+    slprintf(ibuf, sizeof(name), "%s (%s)", al->name, itoa36(al->id));
-    ibuf[sizeof(name) - 1] = 0;
   } else {
     return NULL;
   }

src/kernel/battle.c

@@ -211,13 +211,7 @@ static char *sidename(side * s)
   static char sidename_buf[4][SIDENAMEBUFLEN];  /* STATIC_RESULT: used for return, not across calls */
 
   bufno = bufno % 4;
-  if (s->stealthfaction) {
+  strlcpy(sidename_buf[bufno], factionname(s->stealthfaction?s->stealthfaction:s->faction), SIDENAMEBUFLEN);
-    snprintf(sidename_buf[bufno], SIDENAMEBUFLEN,
-      "%s", factionname(s->stealthfaction));
-  } else {
-    snprintf(sidename_buf[bufno], SIDENAMEBUFLEN,
-      "%s", factionname(s->faction));
-  }
   return sidename_buf[bufno++];
 }
 
@@ -3850,9 +3844,8 @@ static int battle_report(battle * b)
           if (wrptr(&bufp, &size, bytes) != 0)
             WARN_STATIC_BUFFER();
         }
-        snprintf(buffer, sizeof(buffer), "%s %2d(%s): ",
+        slprintf(buffer, sizeof(buffer), "%s %2d(%s): ",
           loc_army, army_index(s), abbrev);
-        buffer[sizeof(buffer) - 1] = 0;
 
         bytes = (int)strlcpy(bufp, buffer, size);
         if (wrptr(&bufp, &size, bytes) != 0)

src/kernel/building.c

@@ -613,8 +613,7 @@ int bt_effsize(const building_type * btype, const building * b, int bsize)
 
 const char *write_buildingname(const building * b, char *ibuf, size_t size)
 {
-  snprintf((char *)ibuf, size, "%s (%s)", b->name, itoa36(b->no));
+  slprintf(ibuf, size, "%s (%s)", b->name, itoa36(b->no));
-  ibuf[size - 1] = 0;
   return ibuf;
 }
 

src/kernel/config.c

@@ -1653,8 +1653,7 @@ building *largestbuilding(const region * r, cmp_building_cb cmp_gt,
 
 char *write_unitname(const unit * u, char *buffer, size_t size)
 {
-  snprintf((char *)buffer, size, "%s (%s)", (const char *)u->name,
+  slprintf(buffer, size, "%s (%s)", (const char *)u->name, itoa36(u->no));
-    itoa36(u->no));
   buffer[size - 1] = 0;
   return buffer;
 }

src/kernel/connection.c

@@ -532,7 +532,7 @@ static const char *b_nameroad(const connection * b, const region * r,
     } else {
       int percent = MAX(1, 100 * local / r->terrain->max_road);
       if (local) {
-        snprintf(buffer, sizeof(buffer), LOC(f->locale, mkname("border",
+        slprintf(buffer, sizeof(buffer), LOC(f->locale, mkname("border",
               "a_road_percent")), percent);
       } else {
         return LOC(f->locale, mkname("border", "a_road_connection"));

src/kernel/faction.c

@@ -153,8 +153,7 @@ const char *factionname(const faction * f)
   char *ibuf = idbuf[(++nextbuf) % 8];
 
   if (f && f->name) {
-    snprintf(ibuf, sizeof(name), "%s (%s)", f->name, itoa36(f->no));
+    slprintf(ibuf, sizeof(name), "%s (%s)", f->name, itoa36(f->no));
-    ibuf[sizeof(name) - 1] = 0;
   } else {
     strcpy(ibuf, "Unbekannte Partei (?)");
   }
@@ -226,7 +225,7 @@ faction *addfaction(const char *email, const char *password,
   addlist(&factions, f);
   fhash(f);
 
-  snprintf(buf, sizeof(buf), "%s %s", LOC(loc, "factiondefault"), factionid(f));
+  slprintf(buf, sizeof(buf), "%s %s", LOC(loc, "factiondefault"), factionid(f));
   f->name = strdup(buf);
 
   return f;

src/kernel/move.c

@@ -2398,9 +2398,7 @@ static int hunt(unit * u, order * ord)
   }
 
   bufp = command;
-  bytes =
+  bytes = slprintf(bufp, size, "%s %s", LOC(u->faction->locale, keywords[K_MOVE]), LOC(u->faction->locale, directions[dir]));
-    snprintf(bufp, size, "%s %s", LOC(u->faction->locale, keywords[K_MOVE]),
-    LOC(u->faction->locale, directions[dir]));
   if (wrptr(&bufp, &size, bytes) != 0)
     WARN_STATIC_BUFFER();
 

src/kernel/region.c

@@ -41,6 +41,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 /* util includes */
 #include <util/attrib.h>
+#include <util/bsdstring.h>
 #include <util/goodies.h>
 #include <util/lists.h>
 #include <util/log.h>
@@ -114,15 +115,14 @@ const char *write_regionname(const region * r, const faction * f, char *buffer,
   char *buf = (char *)buffer;
   const struct locale *lang = f ? f->locale : 0;
   if (r == NULL) {
-    strcpy(buf, "(null)");
+    strlcpy(buf, "(null)", size);
   } else {
     plane *pl = rplane(r);
     int nx = r->x, ny = r->y;
     pnormalize(&nx, &ny, pl);
     adjust_coordinates(f, &nx, &ny, pl, r);
-    snprintf(buf, size, "%s (%d,%d)", rname(r, lang), nx, ny);
+    slprintf(buf, size, "%s (%d,%d)", rname(r, lang), nx, ny);
   }
-  buf[size - 1] = 0;
   return buffer;
 }
 

src/kernel/save.c

@@ -1552,7 +1552,8 @@ int readgame(const char *filename, int mode, int backup)
     store->r_str_buf(store, basefile, sizeof(basefile));
     if (strcmp(game_name, basefile) != 0) {
       char buffer[64];
-      snprintf(buffer, sizeof(buffer), "%s.xml", game_name);
+      strlcpy(buffer, game_name, sizeof(buffer));
+      strlcat(buffer, ".xml", sizeof(buffer));
       if (strcmp(basefile, buffer) != 0) {
         log_warning("game mismatch: datafile contains %s, game is %s\n", basefile, game_name);
         printf("WARNING: any key to continue, Ctrl-C to stop\n");

src/kernel/ship.c

@@ -233,8 +233,7 @@ void free_ships(void)
 
 const char *write_shipname(const ship * sh, char *ibuf, size_t size)
 {
-  snprintf(ibuf, size, "%s (%s)", sh->name, itoa36(sh->no));
+  slprintf(ibuf, size, "%s (%s)", sh->name, itoa36(sh->no));
-  ibuf[size - 1] = 0;
   return ibuf;
 }
 

src/kernel/unit.c

@@ -44,6 +44,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 /* util includes */
 #include <util/attrib.h>
 #include <util/base36.h>
+#include <util/bsdstring.h>
 #include <util/event.h>
 #include <util/goodies.h>
 #include <util/language.h>
@@ -1424,7 +1425,9 @@ void name_unit(unit * u)
     } else {
       result = parameters[P_UNIT];
     }
-    snprintf(name, sizeof(name), "%s %s", result, itoa36(u->no));
+    strlcpy(name, result, sizeof(name));
+    strlcat(name, " ", sizeof(name));
+    strlcat(name, itoa36(u->no), sizeof(name));
     unit_setname(u, name);
   }
 }