fix(core): Replace strcat with strlcat

Author: Bart Roossien

Core/GameEngine/Source/Common/System/AsciiString.cpp

@@ -140,7 +140,7 @@ void AsciiString::ensureUniqueBufferOfSize(int numCharsNeeded, Bool preserveData
 			m_data->peek()[usableNumChars] = 0;
 		}
 		if (strToCat)
-			strcat(m_data->peek(), strToCat);
+			strlcat(m_data->peek(), strToCat, usableNumChars + 1);
 		return;
 	}
 
@@ -169,7 +169,7 @@ void AsciiString::ensureUniqueBufferOfSize(int numCharsNeeded, Bool preserveData
 		newData->peek()[usableNumChars] = 0;
 	}
 	if (strToCat)
-		strcat(newData->peek(), strToCat);
+		strlcat(newData->peek(), strToCat, usableNumChars + 1);
 
 	releaseBuffer();
 	m_data = newData;

Core/GameEngine/Source/Common/System/Debug.cpp

@@ -210,14 +210,14 @@ static const char *getCurrentTickString(void)
 	Empty the buffer passed in, then optionally prepend the current TickCount
 	value in string form, depending on the setting of theDebugFlags.
 */
-static void prepBuffer(char *buffer)
+static void prepBuffer(char *buffer, int size)
 {
 	buffer[0] = 0;
 #ifdef ALLOW_DEBUG_UTILS
 	if (theDebugFlags & DEBUG_FLAG_PREPEND_TIME)
 	{
 		strcpy(buffer, getCurrentTickString());
-		strcat(buffer, " ");
+		strlcat(buffer, " ", size);
 	}
 #endif
 }
@@ -388,24 +388,24 @@ void DebugInit(int flags)
 		}
 
 		strcpy(theLogFileNamePrev, dirbuf);
-		strcat(theLogFileNamePrev, gAppPrefix);
-		strcat(theLogFileNamePrev, DEBUG_FILE_NAME_PREV);
+		strlcat(theLogFileNamePrev, gAppPrefix, ARRAY_SIZE(theLogFileNamePrev));
+		strlcat(theLogFileNamePrev, DEBUG_FILE_NAME_PREV, ARRAY_SIZE(theLogFileNamePrev));
 		if (rts::ClientInstance::getInstanceId() > 1u)
 		{
 			size_t offset = strlen(theLogFileNamePrev);
 			snprintf(theLogFileNamePrev + offset, ARRAY_SIZE(theLogFileNamePrev) - offset, "_Instance%.2u", rts::ClientInstance::getInstanceId());
 		}
-		strcat(theLogFileNamePrev, ".txt");
+		strlcat(theLogFileNamePrev, ".txt", ARRAY_SIZE(theLogFileNamePrev));
 
 		strcpy(theLogFileName, dirbuf);
-		strcat(theLogFileName, gAppPrefix);
-		strcat(theLogFileName, DEBUG_FILE_NAME);
+		strlcat(theLogFileName, gAppPrefix, ARRAY_SIZE(theLogFileNamePrev));
+		strlcat(theLogFileName, DEBUG_FILE_NAME, ARRAY_SIZE(theLogFileNamePrev));
 		if (rts::ClientInstance::getInstanceId() > 1u)
 		{
 			size_t offset = strlen(theLogFileName);
 			snprintf(theLogFileName + offset, ARRAY_SIZE(theLogFileName) - offset, "_Instance%.2u", rts::ClientInstance::getInstanceId());
 		}
-		strcat(theLogFileName, ".txt");
+		strlcat(theLogFileName, ".txt", ARRAY_SIZE(theLogFileNamePrev));
 
 		remove(theLogFileNamePrev);
 		rename(theLogFileName, theLogFileNamePrev);
@@ -436,7 +436,7 @@ void DebugLog(const char *format, ...)
 	if (theDebugFlags == 0)
 		MessageBoxWrapper("DebugLog - Debug not inited properly", "", MB_OK|MB_TASKMODAL);
 
-	prepBuffer(theBuffer);
+	prepBuffer(theBuffer, ARRAY_SIZE(theBuffer));
 
 	va_list args;
 	va_start(args, format);
@@ -508,8 +508,8 @@ void DebugCrash(const char *format, ...)
 	// make it big to avoid weird overflow bugs in debug mode
 	char theCrashBuffer[ LARGE_BUFFER ];
 
-	prepBuffer(theCrashBuffer);
-	strcat(theCrashBuffer, "ASSERTION FAILURE: ");
+	prepBuffer(theCrashBuffer, LARGE_BUFFER);
+	strlcat(theCrashBuffer, "ASSERTION FAILURE: ", LARGE_BUFFER);
 
 	va_list arg;
 	va_start(arg, format);
@@ -538,7 +538,7 @@ void DebugCrash(const char *format, ...)
 #endif
 	}
 
-	strcat(theCrashBuffer, "\n\nAbort->exception; Retry->debugger; Ignore->continue");
+	strlcat(theCrashBuffer, "\n\nAbort->exception; Retry->debugger; Ignore->continue", LARGE_BUFFER);
 
 	const int result = doCrashBox(theCrashBuffer, useLogging);
 
@@ -737,9 +737,9 @@ void ReleaseCrash(const char *reason)
 	}
 
 	strcpy(prevbuf, TheGlobalData->getPath_UserData().str());
-	strcat(prevbuf, RELEASECRASH_FILE_NAME_PREV);
+	strlcat(prevbuf, RELEASECRASH_FILE_NAME_PREV, _MAX_PATH);
 	strcpy(curbuf, TheGlobalData->getPath_UserData().str());
-	strcat(curbuf, RELEASECRASH_FILE_NAME);
+	strlcat(curbuf, RELEASECRASH_FILE_NAME, _MAX_PATH);
 
  	remove(prevbuf);
 	rename(curbuf, prevbuf);
@@ -826,9 +826,9 @@ void ReleaseCrashLocalized(const AsciiString& p, const AsciiString& m)
 	char curbuf[ _MAX_PATH ];
 
 	strcpy(prevbuf, TheGlobalData->getPath_UserData().str());
-	strcat(prevbuf, RELEASECRASH_FILE_NAME_PREV);
+	strlcat(prevbuf, RELEASECRASH_FILE_NAME_PREV, _MAX_PATH);
 	strcpy(curbuf, TheGlobalData->getPath_UserData().str());
-	strcat(curbuf, RELEASECRASH_FILE_NAME);
+	strlcat(curbuf, RELEASECRASH_FILE_NAME, _MAX_PATH);
 
  	remove(prevbuf);
 	rename(curbuf, prevbuf);

Core/GameEngine/Source/Common/System/GameMemory.cpp

@@ -2974,9 +2974,10 @@ void MemoryPoolFactory::memoryPoolUsageReport( const char* filename, FILE *appen
 
 	if( !appendToFileInstead )
 	{
-		char tmp[256];
+		const int tmpSize = 256;
+		char tmp[tmpSize];
 		strcpy(tmp,filename);
-		strcat(tmp,".csv");
+		strlcat(tmp,".csv", tmpSize);
 		perfStatsFile = fopen(tmp, "w");
 	}
 	else
@@ -3201,12 +3202,13 @@ void MemoryPoolFactory::debugMemoryReport(Int flags, Int startCheckpoint, Int en
 		DEBUG_LOG(("------------------------------------------"));
 		DEBUG_LOG(("Begin Block Report for %s", nm));
 		DEBUG_LOG(("------------------------------------------"));
-		char buf[256] = "";
-		if (flags & _REPORT_CP_ALLOCATED_BEFORE) strcat(buf, "AllocBefore ");
-		if (flags & _REPORT_CP_ALLOCATED_BETWEEN) strcat(buf, "AllocBetween ");
-		if (flags & _REPORT_CP_FREED_BEFORE) strcat(buf, "FreedBefore ");
-		if (flags & _REPORT_CP_FREED_BETWEEN) strcat(buf, "FreedBetween ");
-		if (flags & _REPORT_CP_FREED_NEVER) strcat(buf, "StillExisting ");
+		const int bufSize = 256;
+		char buf[bufSize] = "";
+		if (flags & _REPORT_CP_ALLOCATED_BEFORE) strlcat(buf, "AllocBefore ", bufSize);
+		if (flags & _REPORT_CP_ALLOCATED_BETWEEN) strlcat(buf, "AllocBetween ", bufSize);
+		if (flags & _REPORT_CP_FREED_BEFORE) strlcat(buf, "FreedBefore ", bufSize);
+		if (flags & _REPORT_CP_FREED_BETWEEN) strlcat(buf, "FreedBetween ", bufSize);
+		if (flags & _REPORT_CP_FREED_NEVER) strlcat(buf, "StillExisting ", bufSize);
 		DEBUG_LOG(("Options: Between checkpoints %d and %d, report on (%s)",startCheckpoint,endCheckpoint,buf));
 		DEBUG_LOG(("------------------------------------------"));
 

Core/GameEngine/Source/Common/System/GameMemoryInit.cpp

@@ -123,7 +123,7 @@ void userMemoryManagerInitPools()
 		}
 		--pEnd;
 	}
-	strcat(buf, "\\Data\\INI\\MemoryPools.ini");
+	strlcat(buf, "\\Data\\INI\\MemoryPools.ini", _MAX_PATH);
 
 	FILE* fp = fopen(buf, "r");
 	if (fp)

Core/Libraries/Source/WWVegas/WW3D2/hcanim.cpp

@@ -257,8 +257,8 @@ int HCompressedAnimClass::Load_W3D(ChunkLoadClass & cload)
 	cload.Close_Chunk();
 
 	strcpy(Name,aheader.HierarchyName);
-	strcat(Name,".");
-	strcat(Name,aheader.Name);
+	strlcat(Name,".", ARRAY_SIZE(Name));
+	strlcat(Name,aheader.Name, ARRAY_SIZE(Name));
 
 	// TSS chasing crash bug 05/26/99
    WWASSERT(HierarchyName != NULL);

Core/Libraries/Source/WWVegas/WW3D2/hmdldef.cpp

@@ -236,8 +236,8 @@ bool HModelDefClass::read_connection(ChunkLoadClass & cload,HmdlNodeDefStruct *
 	}
 
 	strcpy(node->RenderObjName,ModelName);
-	strcat(node->RenderObjName,".");
-	strcat(node->RenderObjName,con.RenderObjName);
+	strlcat(node->RenderObjName,".", ARRAY_SIZE(node->RenderObjName));
+	strlcat(node->RenderObjName, con.RenderObjName, ARRAY_SIZE(node->RenderObjName));
 
 	if (pre30) {
 		if (con.PivotIdx == 65535) {

Core/Libraries/Source/WWVegas/WW3D2/w3d_dep.cpp

@@ -558,7 +558,8 @@ static const char * Make_W3D_Filename (const char *w3d_name)
 
 	// Copy the w3d name into a static buffer, turn it into lowercase
 	// letters, and append a ".w3d" file extension. That's the filename.
-	static char buffer[64];
+	static const int bufferSize = 64;
+	static char buffer[bufferSize];
 	if (*w3d_name == 0)
 	{
 		// Empty W3D name case.
@@ -570,6 +571,6 @@ static const char * Make_W3D_Filename (const char *w3d_name)
 	if (dot)
 		*dot = 0;
 	strlwr(buffer);
-	strcat(buffer, ".w3d");
+	strlcat(buffer, ".w3d", bufferSize);
 	return buffer;
 }

Core/Libraries/Source/WWVegas/WWDownload/FTP.CPP

@@ -36,6 +36,7 @@
 #include <time.h>
 #include <direct.h>
 #include <errno.h>
+#include <stringex.h>
 //#include "wlib/wstring.h"
 
 #include "DownloadDebug.h"
@@ -678,7 +679,7 @@ HRESULT  Cftp::FindFile( LPCSTR szRemoteFileName, int * piSize )
 	_splitpath( szRemoteFileName, NULL, m_szRemoteFilePath+strlen(m_szRemoteFilePath),
 		m_szRemoteFileName, ext );
 
-	strcat( m_szRemoteFileName, ext );
+	strlcat(m_szRemoteFileName, ext, sizeof(m_szRemoteFileName));
 
 	for( i = 0; i < (int)strlen( m_szRemoteFilePath ); i++ )
 	{
@@ -1708,7 +1709,8 @@ HRESULT  Cftp::FileRecoveryPosition( LPCSTR szLocalFileName, LPCSTR szRegistryRo
 	FILE * testfp;
 	HKEY hkey;
 	unsigned char regfilename[ 256 ];
-	char regkey[ 512 ];
+	const int regkeySize = 512;
+	char regkey[ regkeySize ];
 	unsigned long t1, t2;
 
 	if( ( szRegistryRoot == NULL ) || ( szLocalFileName == NULL ) )
@@ -1722,11 +1724,11 @@ HRESULT  Cftp::FileRecoveryPosition( LPCSTR szLocalFileName, LPCSTR szRegistryRo
 	strcpy( regkey, szRegistryRoot );
 	if( regkey[ strlen( regkey ) - 1 ] != '\\' )
 	{
-		strcat( regkey, "\\Download" );
+		strlcat( regkey, "\\Download", regkeySize);
 	}
 	else
 	{
-		strcat( regkey, "Download" );
+		strlcat( regkey, "Download", regkeySize);
 	}
 
 	if( RegOpenKeyEx( HKEY_LOCAL_MACHINE, (LPCTSTR)regkey,

Core/Libraries/Source/WWVegas/WWLib/Except.cpp

@@ -224,8 +224,8 @@ char const * Last_Error_Text(void)
  *=============================================================================================*/
 static void Add_Txt (char const *txt)
 {
-	if (strlen(ExceptionText) + strlen(txt) < 65535) {
-		strcat(ExceptionText, txt);
+	if (strlen(ExceptionText) + strlen(txt) < ARRAY_SIZE(ExceptionText) - 1) {
+		strlcat(ExceptionText, txt, ARRAY_SIZE(ExceptionText));
 	}
 #if (0)
 	/*
@@ -340,7 +340,8 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 	/*
 	** Scrap buffer for constructing dump strings
 	*/
-	char scrap [256];
+	const int scrapSize = 256;
+	char scrap [scrapSize];
 
 	/*
 	** Clear out the dump buffer
@@ -653,15 +654,15 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 
 	for (int c = 0 ; c < 32 ; c++) {
 		if (IsBadReadPtr(eip_ptr, 1)) {
-			strcat(scrap, "?? ");
+			strlcat(scrap, "?? ", scrapSize);
 		} else {
 			sprintf(bytestr, "%02X ", *eip_ptr);
-			strcat(scrap, bytestr);
+			strlcat(scrap, bytestr, scrapSize);
 		}
 		eip_ptr++;
 	}
 
-	strcat(scrap, "\r\n\r\n");
+	strlcat(scrap, "\r\n\r\n", scrapSize);
 	Add_Txt(scrap);
 
 	/*
@@ -677,14 +678,14 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 			** The stack contents cannot be read so just print up question marks.
 			*/
 			sprintf(scrap, "%p: ", static_cast<void*>(stackptr));
-			strcat(scrap, "????????\r\n");
+			strlcat(scrap, "????????\r\n", scrapSize);
 		} else {
 			/*
 			** If this stack address is in our memory space then try to match it with a code symbol.
 			*/
 			if (IsBadCodePtr((FARPROC)*stackptr)) {
 				sprintf(scrap, "%p: %08lX ", static_cast<void*>(stackptr), *stackptr);
-				strcat(scrap, "DATA_PTR\r\n");
+				strlcat(scrap, "DATA_PTR\r\n", scrapSize);
 			} else {
 				sprintf(scrap, "%p: %08lX", static_cast<void*>(stackptr), *stackptr);
 
@@ -697,12 +698,12 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 					if (_SymGetSymFromAddr != NULL && _SymGetSymFromAddr (GetCurrentProcess(), *stackptr, &displacement, symptr)) {
 						char symbuf[256];
 						sprintf(symbuf, " - %s + %08X", symptr->Name, displacement);
-						strcat(scrap, symbuf);
+						strlcat(scrap, symbuf, scrapSize);
 					}
 				} else {
-					strcat (scrap, " *");
+					strlcat(scrap, " *", scrapSize);
 				}
-				strcat (scrap, "\r\n");
+				strlcat(scrap, "\r\n", scrapSize);
 			}
 		}
 		Add_Txt(scrap);