Removed all calls to strcpy; most of them are now calls to strlcpy or memcpy.
authormolivier <molivier@d7cf8633-e32d-0410-b094-e92efae38249>
Sat, 5 Aug 2006 12:31:03 +0000 (12:31 +0000)
committermolivier <molivier@d7cf8633-e32d-0410-b094-e92efae38249>
Sat, 5 Aug 2006 12:31:03 +0000 (12:31 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@6544 d7cf8633-e32d-0410-b094-e92efae38249

34 files changed:
cl_main.c
cl_parse.c
clvm_cmds.c
cmd.c
common.c
common.h
console.c
cvar.c
dpvsimpledecode.c
filematch.c
fs.c
gl_draw.c
gl_rmain.c
host.c
host_cmd.c
image.c
keys.c
lhnet.c
menu.c
model_alias.c
model_brush.c
model_shared.c
prvm_cmds.c
prvm_edict.c
r_shadow.c
r_sky.c
sbar.c
snd_mem.c
sv_main.c
sys_sdl.c
sys_win.c
vid_agl.c
vid_glx.c
vid_wgl.c

index 46cd234..363bdce 100644 (file)
--- a/cl_main.c
+++ b/cl_main.c
@@ -442,13 +442,16 @@ static void CL_PrintEntities_f(void)
 
        for (i = 0, ent = cl.entities;i < cl.num_entities;i++, ent++)
        {
+               const char* modelname;
+
                if (!ent->state_current.active)
                        continue;
 
                if (ent->render.model)
-                       strlcpy (name, ent->render.model->name, 25);
+                       modelname = ent->render.model->name;
                else
-                       strcpy(name, "--no model--");
+                       modelname = "--no model--";
+               strlcpy(name, modelname, 25);
                for (j = (int)strlen(name);j < 25;j++)
                        name[j] = ' ';
                Con_Printf("%3i: %s:%4i (%5i %5i %5i) [%3i %3i %3i] %4.2f %5.3f\n", i, name, ent->render.frame, (int) ent->render.matrix.m[0][3], (int) ent->render.matrix.m[1][3], (int) ent->render.matrix.m[2][3], (int) ent->render.angles[0] % 360, (int) ent->render.angles[1] % 360, (int) ent->render.angles[2] % 360, ent->render.scale, ent->render.alpha);
index 18b1e97..a8d6fb6 100644 (file)
@@ -2251,7 +2251,7 @@ void CL_ParseServerMessage(void)
                                {
                                        char description[32*64], temp[64];
                                        int count;
-                                       strcpy(description, "packet dump: ");
+                                       strlcpy(description, "packet dump: ", sizeof(description));
                                        i = cmdcount - 32;
                                        if (i < 0)
                                                i = 0;
@@ -2591,7 +2591,7 @@ void CL_ParseServerMessage(void)
                                {
                                        char description[32*64], temp[64];
                                        int count;
-                                       strcpy (description, "packet dump: ");
+                                       strlcpy (description, "packet dump: ", sizeof(description));
                                        i = cmdcount - 32;
                                        if (i < 0)
                                                i = 0;
index 64e8025..4a4dff9 100644 (file)
@@ -1218,7 +1218,7 @@ void VM_CL_getplayerkey (void)
        t[0] = 0;
 
        if(!strcasecmp(c, "name"))
-               strcpy(t, cl.scores[i].name);
+               strlcpy(t, cl.scores[i].name, sizeof(t));
        else
                if(!strcasecmp(c, "frags"))
                        sprintf(t, "%i", cl.scores[i].frags);
@@ -1243,7 +1243,7 @@ void VM_CL_getplayerkey (void)
        if(!t[0])
                return;
        temp = VM_GetTempString();
-       strcpy(temp, t);
+       strlcpy(temp, t, VM_STRINGTEMP_LENGTH);
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(temp);
 }
 
@@ -1268,8 +1268,11 @@ void VM_CL_registercmd (void)
        VM_SAFEPARMCOUNT(1, VM_CL_registercmd);
        if(!Cmd_Exists(PRVM_G_STRING(OFS_PARM0)))
        {
-               t = (char *)Z_Malloc(strlen(PRVM_G_STRING(OFS_PARM0))+1);
-               strcpy(t, PRVM_G_STRING(OFS_PARM0));
+               size_t alloclen;
+               
+               alloclen = strlen(PRVM_G_STRING(OFS_PARM0)) + 1;
+               t = (char *)Z_Malloc(alloclen);
+               memcpy(t, PRVM_G_STRING(OFS_PARM0), alloclen);
                Cmd_AddCommand(t, NULL, "console command created by QuakeC");
        }
        else
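Review bot: The strlen / Z_Malloc / memcpy triple introduced here is written out by hand again in Cmd_Alias_f, Cvar_RegisterVariable, Cvar_Get, Cvar_LockDefaults_f and Key_SetBinding in this commit. One string-duplicating helper over Z_Malloc would keep the `+ 1` for the terminator in a single place instead of at every call site. Within this hunk `PRVM_G_STRING(OFS_PARM0)` is also expanded three times; taking it into a local `const char *` once would make it evident that the string measured and the string copied are the same. VM_CL_registercmd continues outside the hunk.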
@@ -1341,7 +1344,7 @@ void VM_CL_ReadString (void)
        PRVM_G_INT(OFS_RETURN) = 0;
        if(s)
        {
-               strcpy(t, s);
+               strlcpy(t, s, VM_STRINGTEMP_LENGTH);
                PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(t);
        }
 }
diff --git a/cmd.c b/cmd.c
index f6741f3..504a88d 100644 (file)
--- a/cmd.c
+++ b/cmd.c
@@ -401,6 +401,7 @@ static void Cmd_Alias_f (void)
        char            cmd[MAX_INPUTLINE];
        int                     i, c;
        const char              *s;
+       size_t          alloclen;
 
        if (Cmd_Argc() == 1)
        {
@@ -456,8 +457,9 @@ static void Cmd_Alias_f (void)
        }
        strlcat (cmd, "\n", sizeof (cmd));
 
-       a->value = (char *)Z_Malloc (strlen (cmd) + 1);
-       strcpy (a->value, cmd);
+       alloclen = strlen (cmd) + 1;
+       a->value = (char *)Z_Malloc (alloclen);
+       memcpy (a->value, cmd, alloclen);
 }
 
 /*
@@ -772,7 +774,7 @@ static void Cmd_TokenizeString (const char *text)
                                Con_Printf("Cmd_TokenizeString: ran out of %i character buffer space for command arguements\n", CMD_TOKENIZELENGTH);
                                break;
                        }
-                       strcpy (cmd_tokenizebuffer + cmd_tokenizebufferpos, com_token);
+                       memcpy (cmd_tokenizebuffer + cmd_tokenizebufferpos, com_token, l);
                        cmd_argv[cmd_argc] = cmd_tokenizebuffer + cmd_tokenizebufferpos;
                        cmd_tokenizebufferpos += l;
                        cmd_argc++;
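Review bot: The memcpy copies exactly `l` bytes, so the stored argument is NUL-terminated only if `l` already counts the terminator. `l` is assigned outside this hunk, so that cannot be confirmed from here. The strcpy it replaces wrote the terminator regardless of `l`. Once confirmed, a comment at the copy such as `// l is strlen(com_token) + 1, terminator included` would pin the assumption for the next reader.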
index 9e5d425..739fe4a 100644 (file)
--- a/common.c
+++ b/common.c
@@ -1416,7 +1416,7 @@ void InfoString_SetValue(char *buffer, size_t bufferlength, const char *key, con
        else
        {
                // just remove the key from the text
-               strcpy(buffer + pos, buffer + pos2);
+               strlcpy(buffer + pos, buffer + pos2, bufferlength - pos);
        }
 }
 
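Review bot: Source and destination of this copy both lie inside `buffer` (`buffer + pos2` is shifted down to `buffer + pos`), and strlcpy, like strcpy, is not specified for overlapping regions. An overlap-safe form is `memmove(buffer + pos, buffer + pos2, strlen(buffer + pos2) + 1);`, which is what this commit already does for the K_DEL branch in keys.c. The same in-place shift through strlcpy appears in Con_DrawNotify (`strlcpy(temptext, &temptext[con_linewidth], sizeof(temptext))`) and in the backspace branch of Key_Console. InfoString_SetValue's body starts outside this hunk.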
index 1306776..1cfcfd4 100644 (file)
--- a/common.h
+++ b/common.h
@@ -229,9 +229,9 @@ extern int dpsnprintf (char *buffer, size_t buffersize, const char *format, ...)
 extern int dpvsnprintf (char *buffer, size_t buffersize, const char *format, va_list args);
 
 // A bunch of functions are forbidden for security reasons (and also to please MSVS 2005, for some of them)
-#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT
+#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT_OR_MEMCPY
 #define strncat DO_NOT_USE_STRNCAT__USE_STRLCAT_OR_MEMCPY
-//#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY
+#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY_OR_MEMCPY
 #define strncpy DO_NOT_USE_STRNCPY__USE_STRLCPY_OR_MEMCPY
 //#define sprintf DO_NOT_USE_SPRINTF__USE_DPSNPRINTF
 
index c244706..dad2139 100644 (file)
--- a/console.c
+++ b/console.c
@@ -705,7 +705,8 @@ void Con_DrawInput (void)
        if (!key_consoleactive)
                return;         // don't draw anything
 
-       text = strcpy(editlinecopy, key_lines[edit_line]);
+       strlcpy(editlinecopy, key_lines[edit_line], sizeof(editlinecopy));
+       text = editlinecopy;
 
        // Advanced Console Editing by Radix radix@planetquake.com
        // Added/Modified by EvilTypeGuy eviltypeguy@qeradiant.com
@@ -818,7 +819,7 @@ void Con_DrawNotify (void)
                while ((int)strlen(temptext) >= con_linewidth)
                {
                        DrawQ_ColoredString( 0, v, temptext, con_linewidth, con_textsize.value, con_textsize.value, 1.0, 1.0, 1.0, 1.0, 0, &colorindex );
-                       strcpy(temptext, &temptext[con_linewidth]);
+                       strlcpy(temptext, &temptext[con_linewidth], sizeof(temptext));
                        v += con_textsize.value;
                }
                if (strlen(temptext) > 0)
@@ -918,7 +919,7 @@ qboolean GetMapList (const char *s, char *completedname, int completednamebuffer
                const char *data = NULL;
                char keyname[64];
                char entfilename[MAX_QPATH];
-               strcpy(message, "^1**ERROR**^7");
+               strlcpy(message, "^1**ERROR**^7", sizeof(message));
                p = 0;
                f = FS_Open(t->filenames[i], "rb", true, false);
                if(f)
@@ -960,7 +961,7 @@ qboolean GetMapList (const char *s, char *completedname, int completednamebuffer
                        else
                                p = 0;
                        strlcpy(entfilename, t->filenames[i], sizeof(entfilename));
-                       strcpy(entfilename + strlen(entfilename) - 4, ".ent");
+                       memcpy(entfilename + strlen(entfilename) - 4, ".ent", 5);
                        entities = (char *)FS_LoadFile(entfilename, tempmempool, true, NULL);
                        if (!entities && lumplen >= 10)
                        {
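Review bot: `strlen(entfilename) - 4` is used as an offset without checking that the name has at least four characters, so a shorter name would place the memcpy destination before the start of `entfilename`. gl_main_newmap in this same commit guards the identical rewrite with `l >= 0 && !strcmp(entname + l, ".bsp")`, and the same guard fits here. The file list presumably comes from a `.bsp` search, so this may not be reachable today, but that is not visible in the hunk. GetMapList continues outside it.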
@@ -1008,12 +1009,12 @@ qboolean GetMapList (const char *s, char *completedname, int completednamebuffer
                *(t->filenames[i]+len[i]+5) = 0;
                switch(p)
                {
-               case Q3BSPVERSION:      strcpy((char *)buf, "Q3");break;
-               case Q2BSPVERSION:      strcpy((char *)buf, "Q2");break;
-               case BSPVERSION:        strcpy((char *)buf, "Q1");break;
-               case MCBSPVERSION:      strcpy((char *)buf, "MC");break;
-               case 30:                        strcpy((char *)buf, "HL");break;
-               default:                        strcpy((char *)buf, "??");break;
+               case Q3BSPVERSION:      strlcpy((char *)buf, "Q3", sizeof(buf));break;
+               case Q2BSPVERSION:      strlcpy((char *)buf, "Q2", sizeof(buf));break;
+               case BSPVERSION:        strlcpy((char *)buf, "Q1", sizeof(buf));break;
+               case MCBSPVERSION:      strlcpy((char *)buf, "MC", sizeof(buf));break;
+               case 30:                        strlcpy((char *)buf, "HL", sizeof(buf));break;
+               default:                        strlcpy((char *)buf, "??", sizeof(buf));break;
                }
                Con_Printf("%16s (%s) %s\n", t->filenames[i]+5, buf, message);
        }
@@ -1161,7 +1162,7 @@ void Con_CompleteCommandLine (void)
        if (!(c + v + a))       // No possible matches
        {
                if(s2[0])
-                       strcpy(&key_lines[edit_line][key_linepos], s2);
+                       strlcpy(&key_lines[edit_line][key_linepos], s2, sizeof(key_lines[edit_line]) - key_linepos);
                return;
        }
 
diff --git a/cvar.c b/cvar.c
index fb08b23..6767ea6 100644 (file)
--- a/cvar.c
+++ b/cvar.c
@@ -215,6 +215,7 @@ Cvar_Set
 void Cvar_SetQuick_Internal (cvar_t *var, const char *value)
 {
        qboolean changed;
+       size_t valuelen;
 
        changed = strcmp(var->string, value);
        // LordHavoc: don't reallocate when there is no change
@@ -222,13 +223,14 @@ void Cvar_SetQuick_Internal (cvar_t *var, const char *value)
                return;
 
        // LordHavoc: don't reallocate when the buffer is the same size
-       if (!var->string || strlen(var->string) != strlen(value))
+       valuelen = strlen(value);
+       if (!var->string || strlen(var->string) != valuelen)
        {
                Z_Free (var->string);   // free the old value string
 
-               var->string = (char *)Z_Malloc (strlen(value)+1);
+               var->string = (char *)Z_Malloc (valuelen + 1);
        }
-       strcpy (var->string, value);
+       memcpy (var->string, value, valuelen + 1);
        var->value = atof (var->string);
        var->integer = (int) var->value;
        if ((var->flags & CVAR_NOTIFY) && changed && sv.active)
@@ -315,6 +317,7 @@ void Cvar_RegisterVariable (cvar_t *variable)
        int hashindex;
        cvar_t *current, *next, *cvar;
        char *oldstr;
+       size_t alloclen;
 
        if (developer.integer >= 100)
                Con_Printf("Cvar_RegisterVariable({\"%s\", \"%s\", %i});\n", variable->name, variable->string, variable->flags);
@@ -371,10 +374,11 @@ void Cvar_RegisterVariable (cvar_t *variable)
 
 // copy the value off, because future sets will Z_Free it
        oldstr = variable->string;
-       variable->string = (char *)Z_Malloc (strlen(variable->string)+1);
-       strcpy (variable->string, oldstr);
-       variable->defstring = (char *)Z_Malloc (strlen(variable->string)+1);
-       strcpy (variable->defstring, oldstr);
+       alloclen = strlen(variable->string) + 1;
+       variable->string = (char *)Z_Malloc (alloclen);
+       memcpy (variable->string, oldstr, alloclen);
+       variable->defstring = (char *)Z_Malloc (alloclen);
+       memcpy (variable->defstring, oldstr, alloclen);
        variable->value = atof (variable->string);
        variable->integer = (int) variable->value;
 
@@ -406,6 +410,7 @@ cvar_t *Cvar_Get (const char *name, const char *value, int flags)
 {
        int hashindex;
        cvar_t *current, *next, *cvar;
+       size_t alloclen;
 
        if (developer.integer >= 100)
                Con_Printf("Cvar_Get(\"%s\", \"%s\", %i);\n", name, value, flags);
@@ -427,15 +432,18 @@ cvar_t *Cvar_Get (const char *name, const char *value, int flags)
        }
 
 // allocate a new cvar, cvar name, and cvar string
+// TODO: factorize the following code with the one at the end of Cvar_RegisterVariable()
 // FIXME: these never get Z_Free'd
        cvar = (cvar_t *)Z_Malloc(sizeof(cvar_t));
        cvar->flags = flags | CVAR_ALLOCATED;
-       cvar->name = (char *)Z_Malloc(strlen(name)+1);
-       strcpy(cvar->name, name);
-       cvar->string = (char *)Z_Malloc(strlen(value)+1);
-       strcpy(cvar->string, value);
-       cvar->defstring = (char *)Z_Malloc(strlen(value)+1);
-       strcpy(cvar->defstring, value);
+       alloclen = strlen(name) + 1;
+       cvar->name = (char *)Z_Malloc(alloclen);
+       memcpy(cvar->name, name, alloclen);
+       alloclen = strlen(value) + 1;
+       cvar->string = (char *)Z_Malloc(alloclen);
+       memcpy(cvar->string, value, alloclen);
+       cvar->defstring = (char *)Z_Malloc(alloclen);
+       memcpy(cvar->defstring, value, alloclen);
        cvar->value = atof (cvar->string);
        cvar->integer = (int) cvar->value;
        cvar->description = "custom cvar";
@@ -505,11 +513,14 @@ void Cvar_LockDefaults_f (void)
        {
                if (!(var->flags & CVAR_DEFAULTSET))
                {
+                       size_t alloclen;
+
                        //Con_Printf("locking cvar %s (%s -> %s)\n", var->name, var->string, var->defstring);
                        var->flags |= CVAR_DEFAULTSET;
                        Z_Free(var->defstring);
-                       var->defstring = (char *)Z_Malloc(strlen(var->string) + 1);
-                       strcpy(var->defstring, var->string);
+                       alloclen = strlen(var->string) + 1;
+                       var->defstring = (char *)Z_Malloc(alloclen);
+                       memcpy(var->defstring, var->string, alloclen);
                }
        }
 }
index 2853652..7519c3f 100644 (file)
@@ -333,30 +333,6 @@ static int dpvsimpledecode_setpixelformat(dpvsimpledecodestream_t *s, unsigned i
 
 // opening and closing streams
 
-static void StripExtension(char *in, char *out)
-{
-       char *dot, *c;
-       dot = NULL;
-       for (c = in;*c;c++)
-       {
-               if (*c == ':' || *c == '\\' || *c == '/')
-                       dot = NULL;
-               if (*c == '.')
-                       dot = c;
-       }
-       if (dot == NULL)
-       {
-               // nothing to remove
-               strcpy(out, in);
-               return;
-       }
-       else
-       {
-               memcpy(out, in, dot - in);
-               out[dot - in] = 0;
-       }
-}
-
 // opens a stream
 void *dpvsimpledecode_open(char *filename, char **errorstring)
 {
@@ -400,7 +376,7 @@ void *dpvsimpledecode_open(char *filename, char **errorstring)
                                                                {
                                                                        sfx_t* sfx;
 
-                                                                       StripExtension(filename, wavename);
+                                                                       FS_StripExtension(filename, wavename, namelen);
                                                                        strlcat(wavename, ".wav", namelen);
                                                                        sfx = S_PrecacheSound (wavename, false, false);
                                                                        if (sfx != NULL)
index f6d8579..0837136 100644 (file)
@@ -61,10 +61,13 @@ int matchpattern(const char *in, const char *pattern, int caseinsensitive)
 stringlist_t *stringlistappend(stringlist_t *current, char *text)
 {
        stringlist_t *newitem;
-       newitem = (stringlist_t *)Z_Malloc(strlen(text) + 1 + sizeof(stringlist_t));
+       size_t textlen;
+
+       textlen = strlen(text) + 1;
+       newitem = (stringlist_t *)Z_Malloc(textlen + sizeof(stringlist_t));
        newitem->next = NULL;
        newitem->text = (char *)(newitem + 1);
-       strcpy(newitem->text, text);
+       memcpy(newitem->text, text, textlen);
        if (current)
                current->next = newitem;
        return newitem;
diff --git a/fs.c b/fs.c
index 3aab053..ede2caa 100644 (file)
--- a/fs.c
+++ b/fs.c
@@ -1061,13 +1061,13 @@ void FS_Init (void)
 
        fs_mempool = Mem_AllocPool("file management", 0, NULL);
 
-       strcpy(fs_gamedir, "");
+       strlcpy(fs_gamedir, "", sizeof(fs_gamedir));
 
 // If the base directory is explicitly defined by the compilation process
 #ifdef DP_FS_BASEDIR
-       strcpy(fs_basedir, DP_FS_BASEDIR);
+       strlcpy(fs_basedir, DP_FS_BASEDIR, sizeof(fs_basedir));
 #else
-       strcpy(fs_basedir, "");
+       strlcpy(fs_basedir, "", sizeof(fs_basedir));
 
 #ifdef MACOSX
        // FIXME: is there a better way to find the directory outside the .app?
@@ -2073,17 +2073,19 @@ FS_StripExtension
 void FS_StripExtension (const char *in, char *out, size_t size_out)
 {
        char *last = NULL;
+       char currentchar;
 
        if (size_out == 0)
                return;
 
-       while (*in && size_out > 1)
+       while ((currentchar = *in) && size_out > 1)
        {
-               if (*in == '.')
+               if (currentchar == '.')
                        last = out;
-               else if (*in == '/' || *in == '\\' || *in == ':')
+               else if (currentchar == '/' || currentchar == '\\' || currentchar == ':')
                        last = NULL;
-               *out++ = *in++;
+               *out++ = currentchar;
+               in++;
                size_out--;
        }
        if (last)
@@ -2221,7 +2223,7 @@ fssearch_t *FS_Search(const char *pattern, int caseinsensitive, int quiet)
                        pak = searchpath->pack;
                        for (i = 0;i < pak->numfiles;i++)
                        {
-                               strcpy(temp, pak->files[i].name);
+                               strlcpy(temp, pak->files[i].name, sizeof(temp));
                                while (temp[0])
                                {
                                        if (matchpattern(temp, (char *)pattern, true))
@@ -2301,10 +2303,12 @@ fssearch_t *FS_Search(const char *pattern, int caseinsensitive, int quiet)
                numchars = 0;
                for (listtemp = liststart;listtemp;listtemp = listtemp->next)
                {
+                       size_t textlen;
                        search->filenames[numfiles] = search->filenamesbuffer + numchars;
-                       strcpy(search->filenames[numfiles], listtemp->text);
+                       textlen = strlen(listtemp->text) + 1;
+                       memcpy(search->filenames[numfiles], listtemp->text, textlen);
                        numfiles++;
-                       numchars += (int)strlen(listtemp->text) + 1;
+                       numchars += (int)textlen;
                }
                if (liststart)
                        stringlistfree(liststart);
index 2a6368e..17f1224 100644 (file)
--- a/gl_draw.c
+++ b/gl_draw.c
@@ -458,7 +458,7 @@ cachepic_t *Draw_NewPic(const char *picname, int width, int height, int alpha, u
                                return cachepics; // return the first one
                        }
                        pic = cachepics + (numcachepics++);
-                       strcpy (pic->name, picname);
+                       strlcpy (pic->name, picname, sizeof(pic->name));
                        // link into list
                        pic->chain = cachepichash[hashkey];
                        cachepichash[hashkey] = pic;
index f760fa9..02898d9 100644 (file)
@@ -966,7 +966,7 @@ void gl_main_newmap(void)
                l = (int)strlen(entname) - 4;
                if (l >= 0 && !strcmp(entname + l, ".bsp"))
                {
-                       strcpy(entname + l, ".ent");
+                       memcpy(entname + l, ".ent", 5);
                        if ((entities = (char *)FS_LoadFile(entname, tempmempool, true, NULL)))
                        {
                                CL_ParseEntityLump(entities);
diff --git a/host.c b/host.c
index 23f1a5e..15ffddc 100644 (file)
--- a/host.c
+++ b/host.c
@@ -132,7 +132,7 @@ void Host_Error (const char *error, ...)
                Sys_Error ("Host_Error: recursively entered (original error was: %s    new error is: %s)", hosterrorstring2, hosterrorstring1);
        hosterror = true;
 
-       strcpy(hosterrorstring2, hosterrorstring1);
+       strlcpy(hosterrorstring2, hosterrorstring1, sizeof(hosterrorstring2));
 
        CL_Parse_DumpPacket();
 
index f23c658..408592e 100644 (file)
@@ -292,7 +292,7 @@ void Host_Map_f (void)
 
        svs.serverflags = 0;                    // haven't completed an episode yet
        allowcheats = sv_cheats.integer != 0;
-       strcpy(level, Cmd_Argv(1));
+       strlcpy(level, Cmd_Argv(1), sizeof(level));
        SV_SpawnServer(level);
        if (sv.active && cls.state == ca_disconnected)
                CL_EstablishConnection("local:1");
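Review bot: The strlcpy result is discarded, so a `Cmd_Argv(1)` longer than `level` is cut silently and SV_SpawnServer receives a different name from the one that was typed. If the project's strlcpy returns the source length as the BSD one does, the call can reject instead: `if (strlcpy(level, Cmd_Argv(1), sizeof(level)) >= sizeof(level)) { Con_Printf("map name too long\n"); return; }`. The same unchecked truncation of console input is in the Host_Changelevel_f hunk and in the Host_Loadgame_f hunk for `filename`. Host_Map_f starts and ends outside this hunk.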
@@ -352,7 +352,7 @@ void Host_Changelevel_f (void)
        SV_SaveSpawnparms ();
        SV_VM_End();
        allowcheats = sv_cheats.integer != 0;
-       strcpy(level, Cmd_Argv(1));
+       strlcpy(level, Cmd_Argv(1), sizeof(level));
        SV_SpawnServer(level);
        if (sv.active && cls.state == ca_disconnected)
                CL_EstablishConnection("local:1");
@@ -386,7 +386,7 @@ void Host_Restart_f (void)
        key_dest = key_game;
 
        allowcheats = sv_cheats.integer != 0;
-       strcpy(mapname, sv.name);
+       strlcpy(mapname, sv.name, sizeof(mapname));
        SV_SpawnServer(mapname);
        if (sv.active && cls.state == ca_disconnected)
                CL_EstablishConnection("local:1");
@@ -628,7 +628,7 @@ void Host_Loadgame_f (void)
                return;
        }
 
-       strcpy (filename, Cmd_Argv(1));
+       strlcpy (filename, Cmd_Argv(1), sizeof(filename));
        FS_DefaultExtension (filename, ".sav", sizeof (filename));
 
        Con_Printf("Loading game from %s...\n", filename);
@@ -670,7 +670,7 @@ void Host_Loadgame_f (void)
 
        // mapname
        COM_ParseTokenConsole(&t);
-       strcpy (mapname, com_token);
+       strlcpy (mapname, com_token, sizeof(mapname));
 
        // time
        COM_ParseTokenConsole(&t);
@@ -835,7 +835,7 @@ void Host_Name_f (void)
        {
                if (host_client->spawned)
                        SV_BroadcastPrintf("%s changed name to %s\n", host_client->old_name, host_client->name);
-               strcpy(host_client->old_name, host_client->name);
+               strlcpy(host_client->old_name, host_client->name, sizeof(host_client->old_name));
                // send notification to all clients
                MSG_WriteByte (&sv.reliable_datagram, svc_updatename);
                MSG_WriteByte (&sv.reliable_datagram, host_client - svs.clients);
@@ -894,7 +894,7 @@ void Host_Playermodel_f (void)
                PRVM_GETEDICTFIELDVALUE(host_client->edict, eval_playermodel)->string = PRVM_SetEngineString(host_client->playermodel);
        if (strcmp(host_client->old_model, host_client->playermodel))
        {
-               strcpy(host_client->old_model, host_client->playermodel);
+               strlcpy(host_client->old_model, host_client->playermodel, sizeof(host_client->old_model));
                /*// send notification to all clients
                MSG_WriteByte (&sv.reliable_datagram, svc_updatepmodel);
                MSG_WriteByte (&sv.reliable_datagram, host_client - svs.clients);
@@ -954,7 +954,7 @@ void Host_Playerskin_f (void)
        {
                //if (host_client->spawned)
                //      SV_BroadcastPrintf("%s changed skin to %s\n", host_client->name, host_client->playerskin);
-               strcpy(host_client->old_skin, host_client->playerskin);
+               strlcpy(host_client->old_skin, host_client->playerskin, sizeof(host_client->old_skin));
                /*// send notification to all clients
                MSG_WriteByte (&sv.reliable_datagram, svc_updatepskin);
                MSG_WriteByte (&sv.reliable_datagram, host_client - svs.clients);
diff --git a/image.c b/image.c
index 353a4b5..3fad1af 100644 (file)
--- a/image.c
+++ b/image.c
@@ -762,9 +762,13 @@ unsigned char *LoadWAL (const unsigned char *f, int filesize, int matchwidth, in
 }
 
 
-void Image_StripImageExtension (const char *in, char *out)
+static void Image_StripImageExtension (const char *in, char *out, size_t size_out)
 {
        const char *end, *temp;
+       
+       if (size_out == 0)
+               return;
+
        end = in + strlen(in);
        if ((end - in) >= 4)
        {
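Review bot: Image_StripImageExtension has no header comment, and its contract changes here: it gains `size_out`, truncates silently, and its callers stop passing the same buffer as both `in` and `out`. A short comment above the function should state that `out` is always NUL-terminated when `size_out > 0`, that over-long names are truncated, and that `in` and `out` must not overlap, since the `strlcpy(out, in, size_out)` fallback in the next hunk is not overlap-safe. The function body continues in the following hunk.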
@@ -775,12 +779,15 @@ void Image_StripImageExtension (const char *in, char *out)
                 || strcmp(temp, ".png") == 0
                 || strcmp(temp, ".jpg") == 0)
                        end = temp;
-               while (in < end)
+               while (in < end && size_out > 1)
+               {
                        *out++ = *in++;
+                       size_out--;
+               }
                *out++ = 0;
        }
        else
-               strcpy(out, in);
+               strlcpy(out, in, size_out);
 }
 
 typedef struct imageformat_s
@@ -853,8 +860,7 @@ unsigned char *loadimagepixels (const char *filename, qboolean complain, int mat
                Mem_CheckSentinelsGlobal();
        if (developer_texturelogging.integer)
                Log_Printf("textures.log", "%s\n", filename);
-       strlcpy(basename, filename, sizeof(basename));
-       Image_StripImageExtension(basename, basename); // strip filename extensions to allow replacement by other types
+       Image_StripImageExtension(filename, basename, sizeof(basename)); // strip filename extensions to allow replacement by other types
        // replace *'s with #, so commandline utils don't get confused when dealing with the external files
        for (c = basename;*c;c++)
                if (*c == '*')
@@ -1558,8 +1564,7 @@ int image_loadskin(imageskin_t *s, const char *shadername)
        unsigned char *bumppixels;
        int bumppixels_width, bumppixels_height;
        char name[MAX_QPATH];
-       strlcpy(name, shadername, sizeof(name));
-       Image_StripImageExtension(name, name);
+       Image_StripImageExtension(shadername, name, sizeof(name));
        memset(s, 0, sizeof(*s));
        s->basepixels = loadimagepixels(name, false, 0, 0);
        if (s->basepixels == NULL)
diff --git a/keys.c b/keys.c
index e1831c7..0f40462 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -358,7 +358,7 @@ Key_Console (int key, char ascii)
        {
                if (key_linepos > 1)
                {
-                       strcpy(key_lines[edit_line] + key_linepos - 1, key_lines[edit_line] + key_linepos);
+                       strlcpy(key_lines[edit_line] + key_linepos - 1, key_lines[edit_line] + key_linepos, sizeof(key_lines[edit_line]) + 1 - key_linepos);
                        key_linepos--;
                }
                return;
@@ -367,8 +367,10 @@ Key_Console (int key, char ascii)
        // delete char on cursor
        if (key == K_DEL || key == K_KP_DEL)
        {
-               if (key_linepos < (int)strlen(key_lines[edit_line]))
-                       strcpy(key_lines[edit_line] + key_linepos, key_lines[edit_line] + key_linepos + 1);
+               size_t linelen;
+               linelen = strlen(key_lines[edit_line]);
+               if (key_linepos < (int)linelen)
+                       memmove(key_lines[edit_line] + key_linepos, key_lines[edit_line] + key_linepos + 1, linelen - key_linepos);
                return;
        }
 
@@ -410,9 +412,11 @@ Key_Console (int key, char ascii)
        {
                if (history_line > 0 && key_lines[history_line-1][1])
                {
+                       size_t linelen;
                        history_line--;
-                       strcpy(key_lines[edit_line], key_lines[history_line]);
-                       key_linepos = (int)strlen(key_lines[edit_line]);
+                       linelen = strlen(key_lines[edit_line]);
+                       memcpy(key_lines[edit_line], key_lines[history_line], linelen + 1);
+                       key_linepos = (int)linelen;
                }
                return;
        }
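Review bot: `linelen` is measured on the destination, `strlen(key_lines[edit_line])`, before the copy, so the memcpy transfers the old edit line's length rather than the recalled history line's. When the history entry is longer, the copy stops short and the byte written at `linelen` is not a terminator; when it is shorter, `key_linepos` ends up past the end of the text. The length should come from the source: `linelen = strlen(key_lines[history_line]);`. The next hunk (the other history-navigation branch of Key_Console) adds the same three lines and needs the same change.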
@@ -429,8 +433,10 @@ Key_Console (int key, char ascii)
                }
                else
                {
-                       strcpy(key_lines[edit_line], key_lines[history_line]);
-                       key_linepos = (int)strlen(key_lines[edit_line]);
+                       size_t linelen;
+                       linelen = strlen(key_lines[edit_line]);
+                       memcpy(key_lines[edit_line], key_lines[history_line], linelen + 1);
+                       key_linepos = (int)linelen;
                }
                return;
        }
@@ -607,7 +613,7 @@ Key_SetBinding (int keynum, int bindmap, const char *binding)
 // allocate memory for new binding
        l = strlen (binding);
        newbinding = (char *)Z_Malloc (l + 1);
-       strcpy (newbinding, binding);
+       memcpy (newbinding, binding, l + 1);
        newbinding[l] = 0;
        keybindings[bindmap][keynum] = newbinding;
 }
diff --git a/lhnet.c b/lhnet.c
index 67ccc9a..4099ac6 100644 (file)
--- a/lhnet.c
+++ b/lhnet.c
@@ -252,7 +252,7 @@ int LHNETADDRESS_ToString(const lhnetaddress_t *address, char *string, int strin
                {
                        if (stringbuffersize >= 6)
                        {
-                               strcpy(string, "local");
+                               memcpy(string, "local", 6);
                                return 1;
                        }
                }
diff --git a/menu.c b/menu.c
index bbe8869..e970291 100644 (file)
--- a/menu.c
+++ b/menu.c
@@ -880,7 +880,7 @@ static void M_ScanSaves (void)
 
        for (i=0 ; i<MAX_SAVEGAMES ; i++)
        {
-               strcpy (m_filenames[i], "--- UNUSED SLOT ---");
+               strlcpy (m_filenames[i], "--- UNUSED SLOT ---", sizeof(m_filenames[i]));
                loadable[i] = false;
                sprintf (name, "s%i.sav", (int)i);
                f = FS_Open (name, "rb", false, false);
@@ -1299,7 +1299,7 @@ void M_Menu_Setup_f (void)
        key_dest = key_menu;
        m_state = m_setup;
        m_entersound = true;
-       strcpy(setup_myname, cl_name.string);
+       strlcpy(setup_myname, cl_name.string, sizeof(setup_myname));
        setup_top = setup_oldtop = cl_color.integer >> 4;
        setup_bottom = setup_oldbottom = cl_color.integer & 15;
        setup_rate = cl_rate.integer;
@@ -2647,7 +2647,7 @@ static void M_Keys_Draw (void)
 
                // LordHavoc: redesigned to print more than 2 keys, inspired by Tomaz's MiniRacer
                if (keys[0] == -1)
-                       strcpy(keystring, "???");
+                       strlcpy(keystring, "???", sizeof(keystring));
                else
                {
                        keystring[0] = 0;
index df2d5c0..d1cf3c9 100644 (file)
@@ -557,7 +557,7 @@ static void Mod_MDL_LoadFrames (unsigned char* datapointer, int inverts, int *ve
                // get scene name from first frame
                pinframe = (daliasframe_t *)datapointer;
 
-               strcpy(scene->name, pinframe->name);
+               strlcpy(scene->name, pinframe->name, sizeof(scene->name));
                scene->firstframe = pose;
                scene->framecount = groupframes;
                scene->framerate = 1.0f / interval;
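Review bot: `strlcpy(scene->name, pinframe->name, sizeof(scene->name))` bounds the write but not the read. `pinframe` points straight into the model file buffer, and a strlcpy that follows the BSD contract of returning `strlen(src)` keeps scanning the source until it finds a NUL, so a frame name that fills its on-disk field without a terminator is read beyond that field. Assuming `name` is a fixed-size array in the on-disk struct, bound the copy by both sizes: `memcpy(scene->name, pinframe->name, n); scene->name[n] = 0;`, with `n` the smaller of `sizeof(scene->name) - 1` and `sizeof(pinframe->name)`. The same applies to the `pinframe->name` copies in the Mod_IDP2_Load and Mod_IDP3_Load hunks and to the `pintag->name` copy in Mod_IDP3_Load. The body of Mod_MDL_LoadFrames continues outside this hunk.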
@@ -930,7 +930,7 @@ void Mod_IDP0_Load(model_t *mod, void *buffer, void *bufferend)
 
                        // store the info about the new skin
                        Mod_BuildAliasSkinFromSkinFrame(loadmodel->data_textures + totalskins * loadmodel->num_surfaces, &tempskinframe);
-                       strcpy(loadmodel->skinscenes[loadmodel->numskins].name, name);
+                       strlcpy(loadmodel->skinscenes[loadmodel->numskins].name, name, sizeof(loadmodel->skinscenes[loadmodel->numskins].name));
                        loadmodel->skinscenes[loadmodel->numskins].firstframe = totalskins;
                        loadmodel->skinscenes[loadmodel->numskins].framecount = 1;
                        loadmodel->skinscenes[loadmodel->numskins].framerate = 10.0f;
@@ -1165,7 +1165,7 @@ void Mod_IDP2_Load(model_t *mod, void *buffer, void *bufferend)
                        out[k] = v[vertremap[k]];
                datapointer += numxyz * sizeof(trivertx_t);
 
-               strcpy(loadmodel->animscenes[i].name, pinframe->name);
+               strlcpy(loadmodel->animscenes[i].name, pinframe->name, sizeof(loadmodel->animscenes[i].name));
                loadmodel->animscenes[i].firstframe = i;
                loadmodel->animscenes[i].framecount = 1;
                loadmodel->animscenes[i].framerate = 10;
@@ -1240,7 +1240,7 @@ void Mod_IDP3_Load(model_t *mod, void *buffer, void *bufferend)
        loadmodel->animscenes = (animscene_t *)Mem_Alloc(loadmodel->mempool, loadmodel->numframes * sizeof(animscene_t));
        for (i = 0, pinframe = (md3frameinfo_t *)((unsigned char *)pinmodel + LittleLong(pinmodel->lump_frameinfo));i < loadmodel->numframes;i++, pinframe++)
        {
-               strcpy(loadmodel->animscenes[i].name, pinframe->name);
+               strlcpy(loadmodel->animscenes[i].name, pinframe->name, sizeof(loadmodel->animscenes[i].name));
                loadmodel->animscenes[i].firstframe = i;
                loadmodel->animscenes[i].framecount = 1;
                loadmodel->animscenes[i].framerate = 10;
@@ -1253,7 +1253,7 @@ void Mod_IDP3_Load(model_t *mod, void *buffer, void *bufferend)
        loadmodel->data_tags = (aliastag_t *)Mem_Alloc(loadmodel->mempool, loadmodel->num_tagframes * loadmodel->num_tags * sizeof(aliastag_t));
        for (i = 0, pintag = (md3tag_t *)((unsigned char *)pinmodel + LittleLong(pinmodel->lump_tags));i < loadmodel->num_tagframes * loadmodel->num_tags;i++, pintag++)
        {
-               strcpy(loadmodel->data_tags[i].name, pintag->name);
+               strlcpy(loadmodel->data_tags[i].name, pintag->name, sizeof(loadmodel->data_tags[i].name));
                loadmodel->data_tags[i].matrix = identitymatrix;
                for (j = 0;j < 3;j++)
                {
index 210caf5..f860198 100644 (file)
@@ -1256,7 +1256,7 @@ static void Mod_Q1BSP_LoadTextures(lump_t *l)
        // fill out all slots with notexture
        for (i = 0, tx = loadmodel->data_textures;i < loadmodel->num_textures;i++, tx++)
        {
-               strcpy(tx->name, "NO TEXTURE FOUND");
+               strlcpy(tx->name, "NO TEXTURE FOUND", sizeof(tx->name));
                tx->width = 16;
                tx->height = 16;
                tx->skin.base = r_texture_notexture;
@@ -1323,7 +1323,7 @@ static void Mod_Q1BSP_LoadTextures(lump_t *l)
                                name[j] += 'a' - 'A';
 
                tx = loadmodel->data_textures + i;
-               strcpy(tx->name, name);
+               strlcpy(tx->name, name, sizeof(tx->name));
                tx->width = mtwidth;
                tx->height = mtheight;
 
@@ -1650,9 +1650,9 @@ static void Mod_Q1BSP_ParseWadsFromEntityLump(const char *data)
                if (com_token[0] == '}')
                        break; // end of worldspawn
                if (com_token[0] == '_')
-                       strcpy(key, com_token + 1);
+                       strlcpy(key, com_token + 1, sizeof(key));
                else
-                       strcpy(key, com_token);
+                       strlcpy(key, com_token, sizeof(key));
                while (key[strlen(key)-1] == ' ') // remove trailing spaces
                        key[strlen(key)-1] = 0;
                if (!COM_ParseTokenConsole(&data))
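Review bot: The trailing-space loop `while (key[strlen(key)-1] == ' ')` reads `key[(size_t)-1]` whenever `key` is empty, and the bounded copies above it do not change that. An empty key is reachable with a token that is just `_`, or after a key made only of spaces has been trimmed away. Guarding on the length fixes it: `while (key[0] && key[strlen(key)-1] == ' ')`. The same loop sits under the changed lines in the Mod_Q3BSP_LoadEntities hunk and in R_Shadow_LoadWorldLightsFromMap_LightArghliteTyrlite. Going by the function name the key is parsed from a map's entity lump, so it should be treated as untrusted input; the function body continues outside the hunk.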
@@ -1677,7 +1677,7 @@ static void Mod_Q1BSP_ParseWadsFromEntityLump(const char *data)
                                                {
                                                        k = value[i];
                                                        value[i] = 0;
-                                                       strcpy(wadname, "textures/");
+                                                       strlcpy(wadname, "textures/", sizeof(wadname));
                                                        strlcat(wadname, &value[j], sizeof(wadname));
                                                        W_LoadTextureWadFile(wadname, false);
                                                        j = i+1;
@@ -3349,7 +3349,7 @@ void Mod_Q1BSP_Load(model_t *mod, void *buffer, void *bufferend)
                        // copy the base model to this one
                        *mod = *loadmodel;
                        // rename the clone back to its proper name
-                       strcpy(mod->name, name);
+                       strlcpy(mod->name, name, sizeof(mod->name));
                        // textures and memory belong to the main model
                        mod->texturepool = NULL;
                        mod->mempool = NULL;
@@ -3919,14 +3919,14 @@ static void Mod_Q3BSP_LoadEntities(lump_t *l)
                        if (com_token[0] == '}')
                                break; // end of worldspawn
                        if (com_token[0] == '_')
-                               strcpy(key, com_token + 1);
+                               strlcpy(key, com_token + 1, sizeof(key));
                        else
-                               strcpy(key, com_token);
+                               strlcpy(key, com_token, sizeof(key));
                        while (key[strlen(key)-1] == ' ') // remove trailing spaces
                                key[strlen(key)-1] = 0;
                        if (!COM_ParseTokenConsole(&data))
                                break; // error
-                       strcpy(value, com_token);
+                       strlcpy(value, com_token, sizeof(value));
                        if (!strcmp("gridsize", key))
                        {
                                if (sscanf(value, "%f %f %f", &v[0], &v[1], &v[2]) == 3 && v[0] != 0 && v[1] != 0 && v[2] != 0)
@@ -5756,7 +5756,7 @@ void Mod_Q3BSP_Load(model_t *mod, void *buffer, void *bufferend)
                        sprintf(name, "*%i", i);
                        mod = Mod_FindName(name);
                        *mod = *loadmodel;
-                       strcpy(mod->name, name);
+                       strlcpy(mod->name, name, sizeof(mod->name));
                        // textures and memory belong to the main model
                        mod->texturepool = NULL;
                        mod->mempool = NULL;
index d40b0c0..920d85e 100644 (file)
@@ -118,7 +118,7 @@ void Mod_UnloadModel (model_t *mod)
        char name[MAX_QPATH];
        qboolean isworldmodel;
        qboolean used;
-       strcpy(name, mod->name);
+       strlcpy(name, mod->name, sizeof(name));
        isworldmodel = mod->isworldmodel;
        used = mod->used;
        // free textures/memory attached to the model
@@ -127,7 +127,7 @@ void Mod_UnloadModel (model_t *mod)
        // clear the struct to make it available
        memset(mod, 0, sizeof(model_t));
        // restore the fields we want to preserve
-       strcpy(mod->name, name);
+       strlcpy(mod->name, name, sizeof(mod->name));
        mod->isworldmodel = isworldmodel;
        mod->used = used;
        mod->loaded = false;
@@ -323,7 +323,7 @@ model_t *Mod_FindName(const char *name)
        if (mod_numknown == i)
                mod_numknown++;
        mod = mod_known + i;
-       strcpy (mod->name, name);
+       strlcpy (mod->name, name, sizeof(mod->name));
        mod->loaded = false;
        mod->used = true;
        return mod;
index c644fa0..811cdf6 100644 (file)
@@ -535,7 +535,7 @@ void VM_cvar_string(void)
 
        cvar_string = Cvar_VariableString(name);
 
-       strcpy(out, cvar_string);
+       strlcpy(out, cvar_string, VM_STRINGTEMP_LENGTH);
 
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(out);
 }
@@ -566,7 +566,7 @@ void VM_cvar_defstring (void)
 
        cvar_string = Cvar_VariableDefString(name);
 
-       strcpy(out, cvar_string);
+       strlcpy(out, cvar_string, VM_STRINGTEMP_LENGTH);
 
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(out);
 }
@@ -1819,12 +1819,14 @@ void VM_strzone(void)
 {
        char *out;
        char string[VM_STRINGTEMP_LENGTH];
+       size_t alloclen;
 
        VM_SAFEPARMCOUNT(1,VM_strzone);
 
        VM_VarString(0, string, sizeof(string));
-       PRVM_G_INT(OFS_RETURN) = PRVM_AllocString(strlen(string) + 1, &out);
-       strcpy(out, string);
+       alloclen = strlen(string) + 1;
+       PRVM_G_INT(OFS_RETURN) = PRVM_AllocString(alloclen, &out);
+       memcpy(out, string, alloclen);
 }
 
 /*
@@ -1896,13 +1898,15 @@ void VM_tokenize (void)
        pos = 0;
        while(COM_ParseToken(&p, false))
        {
+               size_t tokenlen;
                if (num_tokens >= (int)(sizeof(tokens)/sizeof(tokens[0])))
                        break;
-               if (pos + strlen(com_token) + 1 > sizeof(tokenbuf))
+               tokenlen = strlen(com_token) + 1;
+               if (pos + tokenlen > sizeof(tokenbuf))
                        break;
                tokens[num_tokens++] = tokenbuf + pos;
-               strcpy(tokenbuf + pos, com_token);
-               pos += strlen(com_token) + 1;
+               memcpy(tokenbuf + pos, com_token, tokenlen);
+               pos += tokenlen;
        }
 
        PRVM_G_FLOAT(OFS_RETURN) = num_tokens;
@@ -2309,7 +2313,7 @@ void VM_search_getfilename(void)
        }
 
        tmp = VM_GetTempString();
-       strcpy(tmp, VM_SEARCHLIST[handle]->filenames[filenum]);
+       strlcpy(tmp, VM_SEARCHLIST[handle]->filenames[filenum], VM_STRINGTEMP_LENGTH);
 
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(tmp);
 }
@@ -2663,7 +2667,7 @@ void VM_keynumtostring (void)
 
        tmp = VM_GetTempString();
 
-       strcpy(tmp, Key_KeynumToString(keynum));
+       strlcpy(tmp, Key_KeynumToString(keynum), VM_STRINGTEMP_LENGTH);
 
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(tmp);
 }
@@ -3283,7 +3287,7 @@ void VM_altstr_set( void )
                return;
        }
 
-       strcpy( out, in );
+       strlcpy(out, in, VM_STRINGTEMP_LENGTH);
        PRVM_G_INT( OFS_RETURN ) = PRVM_SetEngineString( outstr );
 }
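Review bot: The size passed in `strlcpy(out, in, VM_STRINGTEMP_LENGTH)` is that of a whole temp string, but `out` is not at the start of the buffer. The result is returned through `outstr`, and in the VM_altstr_ins hunk that follows, the two lines before the copy advance `out` while writing the prefix. The space left is smaller by `out - outstr`, so the copy can still run past the end, assuming `outstr` is a VM_STRINGTEMP_LENGTH-byte temp string (its allocation is outside both hunks). Passing the remaining space fixes both sites: `strlcpy(out, in, VM_STRINGTEMP_LENGTH - (out - outstr));`.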
 
@@ -3322,7 +3326,7 @@ void VM_altstr_ins(void)
        for( ; *set ; *out++ = *set++ );
        *out++ = '\'';
 
-       strcpy( out, in );
+       strlcpy(out, in, VM_STRINGTEMP_LENGTH);
        PRVM_G_INT( OFS_RETURN ) = PRVM_SetEngineString( outstr );
 }
 
@@ -3527,13 +3531,15 @@ void VM_buf_copy (void)
        for(i=0;i<b1->num_strings;i++)
                if(b1->strings[i] && b1->strings[i][0])
                {
-                       b2->strings[i] = (char *)Z_Malloc(strlen(b1->strings[i])+1);
+                       size_t stringlen;
+                       stringlen = strlen(b1->strings[i]) + 1;
+                       b2->strings[i] = (char *)Z_Malloc(stringlen);
                        if(!b2->strings[i])
                        {
                                VM_Warning("VM_buf_copy: not enough memory for buffer %i used in %s\n", (int)PRVM_G_FLOAT(OFS_PARM1), PRVM_NAME);
                                break;
                        }
-                       strcpy(b2->strings[i], b1->strings[i]);
+                       memcpy(b2->strings[i], b1->strings[i], stringlen);
                }
 }
 
@@ -3677,6 +3683,7 @@ void VM_bufstr_set (void)
        int                             bufindex, strindex;
        qcstrbuffer_t   *b;
        const char              *news;
+       size_t                  alloclen;
 
        VM_SAFEPARMCOUNT(3, VM_bufstr_set);
 
@@ -3701,8 +3708,9 @@ void VM_bufstr_set (void)
        }
        if(b->strings[strindex])
                Z_Free(b->strings[strindex]);
-       b->strings[strindex] = (char *)Z_Malloc(strlen(news)+1);
-       strcpy(b->strings[strindex], news);
+       alloclen = strlen(news) + 1;
+       b->strings[strindex] = (char *)Z_Malloc(alloclen);
+       memcpy(b->strings[strindex], news, alloclen);
 }
 
 /*
@@ -3718,6 +3726,7 @@ void VM_bufstr_add (void)
        int                             bufindex, order, strindex;
        qcstrbuffer_t   *b;
        const char              *string;
+       size_t                  alloclen;
 
        VM_SAFEPARMCOUNT(3, VM_bufstr_add);
 
@@ -3761,8 +3770,9 @@ void VM_bufstr_add (void)
        }
        if(b->strings[strindex])
                Z_Free(b->strings[strindex]);
-       b->strings[strindex] = (char *)Z_Malloc(strlen(string)+1);
-       strcpy(b->strings[strindex], string);
+       alloclen = strlen(string) + 1;
+       b->strings[strindex] = (char *)Z_Malloc(alloclen);
+       memcpy(b->strings[strindex], string, alloclen);
        PRVM_G_FLOAT(OFS_RETURN) = strindex;
 }
 
index cde6464..98b1b98 100644 (file)
@@ -848,7 +848,7 @@ void PRVM_ED_ParseGlobals (const char *data)
                if (com_token[0] == '}')
                        break;
 
-               strcpy (keyname, com_token);
+               strlcpy (keyname, com_token, sizeof(keyname));
 
                // parse value
                if (!COM_ParseTokenConsole(&data))
@@ -1047,7 +1047,7 @@ const char *PRVM_ED_ParseEdict (const char *data, prvm_edict_t *ent)
                // and allow them to be turned into vectors. (FIXME...)
                if (!strcmp(com_token, "angle"))
                {
-                       strcpy (com_token, "angles");
+                       strlcpy (com_token, "angles", sizeof(com_token));
                        anglehack = true;
                }
                else
@@ -1055,9 +1055,9 @@ const char *PRVM_ED_ParseEdict (const char *data, prvm_edict_t *ent)
 
                // FIXME: change light to _light to get rid of this hack
                if (!strcmp(com_token, "light"))
-                       strcpy (com_token, "light_lev");        // hack for single light def
+                       strlcpy (com_token, "light_lev", sizeof(com_token));    // hack for single light def
 
-               strcpy (keyname, com_token);
+               strlcpy (keyname, com_token, sizeof(keyname));
 
                // another hack to fix keynames with trailing spaces
                n = strlen(keyname);
@@ -1097,7 +1097,7 @@ const char *PRVM_ED_ParseEdict (const char *data, prvm_edict_t *ent)
                if (anglehack)
                {
                        char    temp[32];
-                       strcpy (temp, com_token);
+                       strlcpy (temp, com_token, sizeof(temp));
                        sprintf (com_token, "0 %s 0", temp);
                }
 
index 9f83ce6..d102374 100644 (file)
@@ -2072,7 +2072,7 @@ void R_RTLight_Update(dlight_t *light, int isstatic)
        rtlight->cullmaxs[2] = rtlight->shadoworigin[2] + rtlight->radius;
        rtlight->cubemapname[0] = 0;
        if (light->cubemapname[0])
-               strcpy(rtlight->cubemapname, light->cubemapname);
+               strlcpy(rtlight->cubemapname, light->cubemapname, sizeof(rtlight->cubemapname));
        else if (light->cubemapnum > 0)
                sprintf(rtlight->cubemapname, "cubemaps/%i", light->cubemapnum);
        rtlight->shadow = light->shadow;
@@ -2577,7 +2577,7 @@ rtexture_t *R_Shadow_Cubemap(const char *basename)
        if (i >= MAX_CUBEMAPS)
                return r_texture_whitecube;
        numcubemaps++;
-       strcpy(cubemaps[i].basename, basename);
+       strlcpy(cubemaps[i].basename, basename, sizeof(cubemaps[i].basename));
        cubemaps[i].texture = R_Shadow_LoadCubemap(cubemaps[i].basename);
        if (!cubemaps[i].texture)
                cubemaps[i].texture = r_texture_whitecube;
@@ -2782,8 +2782,10 @@ void R_Shadow_LoadWorldLights(void)
                        // remove quotes on cubemapname
                        if (cubemapname[0] == '"' && cubemapname[strlen(cubemapname) - 1] == '"')
                        {
-                               cubemapname[strlen(cubemapname)-1] = 0;
-                               strcpy(cubemapname, cubemapname + 1);
+                               size_t namelen;
+                               namelen = strlen(cubemapname) - 2;
+                               memmove(cubemapname, cubemapname + 1, namelen);
+                               cubemapname[namelen] = '\0';
                        }
                        if (a < 8)
                        {
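Review bot: A `cubemapname` consisting of a single `"` passes the condition, because its first and last character are the same byte. `namelen = strlen(cubemapname) - 2` then wraps to a huge `size_t` that is handed to `memmove`. The removed code handled that input without a large copy, so this is a regression for a malformed name, wherever it is parsed from (outside the hunk). Compute the length first and require two characters before stripping: `if (len >= 2 && cubemapname[0] == '"' && cubemapname[len - 1] == '"')`, then `namelen = len - 2;`. R_Shadow_LoadWorldLights continues outside this hunk.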
@@ -2950,14 +2952,14 @@ void R_Shadow_LoadWorldLightsFromMap_LightArghliteTyrlite(void)
                        if (com_token[0] == '}')
                                break; // end of entity
                        if (com_token[0] == '_')
-                               strcpy(key, com_token + 1);
+                               strlcpy(key, com_token + 1, sizeof(key));
                        else
-                               strcpy(key, com_token);
+                               strlcpy(key, com_token, sizeof(key));
                        while (key[strlen(key)-1] == ' ') // remove trailing spaces
                                key[strlen(key)-1] = 0;
                        if (!COM_ParseTokenConsole(&data))
                                break; // error
-                       strcpy(value, com_token);
+                       strlcpy(value, com_token, sizeof(value));
 
                        // now that we have the key pair worked out...
                        if (!strcmp("light", key))
@@ -3432,7 +3434,7 @@ void R_Shadow_EditLights_Edit_f(void)
                        return;
                }
                if (Cmd_Argc() == 3)
-                       strcpy(cubemapname, Cmd_Argv(2));
+                       strlcpy(cubemapname, Cmd_Argv(2), sizeof(cubemapname));
                else
                        cubemapname[0] = 0;
        }
@@ -3702,7 +3704,7 @@ void R_Shadow_EditLights_CopyInfo_f(void)
        r_shadow_bufferlight.radius = r_shadow_selectedlight->radius;
        r_shadow_bufferlight.style = r_shadow_selectedlight->style;
        if (r_shadow_selectedlight->cubemapname)
-               strcpy(r_shadow_bufferlight.cubemapname, r_shadow_selectedlight->cubemapname);
+               strlcpy(r_shadow_bufferlight.cubemapname, r_shadow_selectedlight->cubemapname, sizeof(r_shadow_bufferlight.cubemapname));
        else
                r_shadow_bufferlight.cubemapname[0] = 0;
        r_shadow_bufferlight.shadow = r_shadow_selectedlight->shadow;
diff --git a/r_sky.c b/r_sky.c
index 41b473a..bf2c009 100644 (file)
--- a/r_sky.c
+++ b/r_sky.c
@@ -142,7 +142,7 @@ int R_SetSkyBox(const char *sky)
                return false;
        }
 
-       strcpy(skyname, sky);
+       strlcpy(skyname, sky, sizeof(skyname));
 
        return R_LoadSkyBox();
 }
diff --git a/sbar.c b/sbar.c
index 011c79a..264a6ef 100644 (file)
--- a/sbar.c
+++ b/sbar.c
@@ -553,19 +553,30 @@ void Sbar_SortFrags (void)
                {
                        if (color != (cl.scores[fragsort[i]].colors & 15))
                        {
+                               const char* teamname;
+
                                color = cl.scores[fragsort[i]].colors & 15;
                                teamlines++;
 
-                               if (color == 4)
-                                       strcpy(teams[teamlines-1].name, "^1Red Team");
-                               else if (color == 13)
-                                       strcpy(teams[teamlines-1].name, "^4Blue Team");
-                               else if (color == 9)
-                                       strcpy(teams[teamlines-1].name, "^6Pink Team");
-                               else if (color == 12)
-                                       strcpy(teams[teamlines-1].name, "^3Yellow Team");
-                               else
-                                       strcpy(teams[teamlines-1].name, "Total Team Score");
+                               switch (color)
+                               {
+                                       case 4:
+                                               teamname = "^1Red Team";
+                                               break;
+                                       case 13:
+                                               teamname = "^4Blue Team";
+                                               break;
+                                       case 9:
+                                               teamname = "^6Pink Team";
+                                               break;
+                                       case 12:
+                                               teamname = "^3Yellow Team";
+                                               break;
+                                       default:
+                                               teamname = "Total Team Score";
+                                               break;
+                               }
+                               strlcpy(teams[teamlines-1].name, teamname, sizeof(teams[teamlines-1].name));
 
                                teams[teamlines-1].frags = 0;
                                teams[teamlines-1].colors = color + 16 * color;
index 777dd6c..15e571b 100644 (file)
--- a/snd_mem.c
+++ b/snd_mem.c
@@ -331,7 +331,7 @@ qboolean S_LoadSound (sfx_t *sfx, qboolean complain)
                if (S_LoadWavFile (namebuffer, sfx))
                        return true;
                if (len >= 4 && !strcasecmp (namebuffer + len - 4, ".wav"))
-                       strcpy (namebuffer + len - 3, "ogg");
+                       memcpy (namebuffer + len - 3, "ogg", 4);
                if (OGG_LoadVorbisFile (namebuffer, sfx))
                        return true;
        }
@@ -347,7 +347,7 @@ qboolean S_LoadSound (sfx_t *sfx, qboolean complain)
        if (S_LoadWavFile (namebuffer, sfx))
                return true;
        if (len >= 4 && !strcasecmp (namebuffer + len - 4, ".wav"))
-               strcpy (namebuffer + len - 3, "ogg");
+               memcpy (namebuffer + len - 3, "ogg", 4);
        if (OGG_LoadVorbisFile (namebuffer, sfx))
                return true;
 
index 0552bb2..55fb0ef 100644 (file)
--- a/sv_main.c
+++ b/sv_main.c
@@ -414,8 +414,8 @@ void SV_ConnectClient (int clientnum, netconn_t *netconnection)
 
        Con_DPrintf("Client %s connected\n", client->netconnection ? client->netconnection->address : "botclient");
 
-       strcpy(client->name, "unconnected");
-       strcpy(client->old_name, "unconnected");
+       strlcpy(client->name, "unconnected", sizeof(client->name));
+       strlcpy(client->old_name, "unconnected", sizeof(client->old_name));
        client->spawned = false;
        client->edict = PRVM_EDICT_NUM(clientnum+1);
        if (client->netconnection)
@@ -1292,7 +1292,7 @@ void SV_UpdateToReliableMessages (void)
                {
                        if (host_client->spawned)
                                SV_BroadcastPrintf("%s changed name to %s\n", host_client->old_name, host_client->name);
-                       strcpy(host_client->old_name, host_client->name);
+                       strlcpy(host_client->old_name, host_client->name, sizeof(host_client->old_name));
                        // send notification to all clients
                        MSG_WriteByte (&sv.reliable_datagram, svc_updatename);
                        MSG_WriteByte (&sv.reliable_datagram, i);
@@ -1792,7 +1792,7 @@ void SV_SpawnServer (const char *server)
        worldmodel->used = true;
 
        strlcpy (sv.name, server, sizeof (sv.name));
-       strcpy(sv.modelname, modelname);
+       strlcpy(sv.modelname, modelname, sizeof(sv.modelname));
        sv.worldmodel = worldmodel;
        sv.models[1] = sv.worldmodel;
 
index 5f3e6c6..702cfaf 100644 (file)
--- a/sys_sdl.c
+++ b/sys_sdl.c
@@ -176,8 +176,10 @@ char *Sys_GetClipboardData (void)
                {
                        if ((cliptext = GlobalLock (hClipboardData)) != 0)
                        {
-                               data = Z_Malloc (GlobalSize(hClipboardData)+1);
-                               strcpy (data, cliptext);
+                               size_t allocsize;
+                               allocsize = GlobalSize (hClipboardData) + 1;
+                               data = Z_Malloc (allocsize);
+                               strlcpy (data, cliptext, allocsize);
                                GlobalUnlock (hClipboardData);
                        }
                }
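Review bot: `strlcpy (data, cliptext, allocsize)` limits the write but not the read. With BSD strlcpy semantics the source is scanned to its NUL to compute the return value, so clipboard text that is not terminated within `GlobalSize (hClipboardData)` bytes is read past the end of the locked block. The block size is already known here, so copy exactly that many bytes and terminate: `memcpy (data, cliptext, allocsize - 1); data[allocsize - 1] = 0;`. The identical hunk in sys_win.c needs the same change; clipboard contents come from other processes and should not be assumed well-formed.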
index f0f3045..6addcdf 100644 (file)
--- a/sys_win.c
+++ b/sys_win.c
@@ -285,8 +285,10 @@ char *Sys_GetClipboardData (void)
                {
                        if ((cliptext = GlobalLock (hClipboardData)) != 0)
                        {
-                               data = Z_Malloc (GlobalSize(hClipboardData)+1);
-                               strcpy (data, cliptext);
+                               size_t allocsize;
+                               allocsize = GlobalSize (hClipboardData) + 1;
+                               data = Z_Malloc (allocsize);
+                               strlcpy (data, cliptext, allocsize);
                                GlobalUnlock (hClipboardData);
                        }
                }
index 8a76501..32834c5 100644 (file)
--- a/vid_agl.c
+++ b/vid_agl.c
@@ -257,7 +257,7 @@ static int GL_OpenLibrary(void)
                Con_Printf("Unable to open symbol list for %s\n", name);
                return false;
        }
-       strcpy(gl_driver, name);
+       strlcpy(gl_driver, name, sizeof(gl_driver));
        return true;
 }
 
index 4955b81..463d385 100644 (file)
--- a/vid_glx.c
+++ b/vid_glx.c
@@ -491,7 +491,7 @@ static int GL_OpenLibrary(const char *name)
                Con_Printf("Unable to open symbol list for %s\n", name);
                return false;
        }
-       strcpy(gl_driver, name);
+       strlcpy(gl_driver, name, sizeof(gl_driver));
        return true;
 }
 
index 3c5614d..38c4d86 100644 (file)
--- a/vid_wgl.c
+++ b/vid_wgl.c
@@ -688,7 +688,7 @@ static int GL_OpenLibrary(const char *name)
                Con_Printf("Unable to LoadLibrary %s\n", name);
                return false;
        }
-       strcpy(gl_driver, name);
+       strlcpy(gl_driver, name, sizeof(gl_driver));
        return true;
 }