From 633b15caf3f616f7778ca153573097fcb7fdfad0 Mon Sep 17 00:00:00 2001
From: rubidium <rubidium@openttd.org>
Date: Tue, 28 Oct 2008 16:04:41 +0000
Subject: (svn r14542) -Codechange: replace some sprintf with s[en]printf to
 make sure they will not overflow their buffers.

---
 src/fios.cpp                |  6 +++---
 src/music/os2_m.cpp         |  2 +-
 src/network/network_gui.cpp |  2 +-
 src/win32.cpp               | 44 ++++++++++++++++++++++++--------------------
 4 files changed, 29 insertions(+), 25 deletions(-)

(limited to 'src')

diff --git a/src/fios.cpp b/src/fios.cpp
index 116179228..aa2ecf236 100644
--- a/src/fios.cpp
+++ b/src/fios.cpp
@@ -95,9 +95,9 @@ char *FiosBrowseTo(const FiosItem *item)
 	switch (item->type) {
 		case FIOS_TYPE_DRIVE:
 #if defined(WINCE)
-			sprintf(path, PATHSEP "");
+			snprintf(path, MAX_PATH, PATHSEP "");
 #elif defined(WIN32) || defined(__OS2__)
-			sprintf(path, "%c:" PATHSEP, item->title[0]);
+			snprintf(path, MAX_PATH, "%c:" PATHSEP, item->title[0]);
 #endif
 		/* Fallthrough */
 		case FIOS_TYPE_INVALID:
@@ -124,7 +124,7 @@ char *FiosBrowseTo(const FiosItem *item)
 			break;
 
 		case FIOS_TYPE_DIRECT:
-			sprintf(path, "%s", item->name);
+			snprintf(path, MAX_PATH, "%s", item->name);
 			break;
 
 		case FIOS_TYPE_FILE:
diff --git a/src/music/os2_m.cpp b/src/music/os2_m.cpp
index 4461f003f..d4ceb23e8 100644
--- a/src/music/os2_m.cpp
+++ b/src/music/os2_m.cpp
@@ -27,7 +27,7 @@ static long CDECL MidiSendCommand(const char *cmd, ...)
 	va_list va;
 	char buf[512];
 	va_start(va, cmd);
-	vsprintf(buf, cmd, va);
+	vseprintf(buf, lastof(buf), cmd, va);
 	va_end(va);
 	return mciSendString(buf, NULL, 0, NULL, 0);
 }
diff --git a/src/network/network_gui.cpp b/src/network/network_gui.cpp
index 0aa429400..cc23c6eeb 100644
--- a/src/network/network_gui.cpp
+++ b/src/network/network_gui.cpp
@@ -1512,7 +1512,7 @@ struct NetworkClientListPopupWindow : Window {
 			GetString(this->action[i], STR_NETWORK_CLIENTLIST_KICK, lastof(this->action[i]));
 			this->proc[i++] = &ClientList_Kick;
 
-			sprintf(this->action[i],"Ban"); // XXX GetString?
+			seprintf(this->action[i], lastof(this->action[i]), "Ban"); // XXX GetString?
 			this->proc[i++] = &ClientList_Ban;
 		}
 
diff --git a/src/win32.cpp b/src/win32.cpp
index fffb6e6ca..24bb976b3 100644
--- a/src/win32.cpp
+++ b/src/win32.cpp
@@ -177,14 +177,14 @@ static void GetFileInfo(DebugFileInfo *dfi, const TCHAR *filename)
 }
 
 
-static char *PrintModuleInfo(char *output, HMODULE mod)
+static char *PrintModuleInfo(char *output, const char *last, HMODULE mod)
 {
 	TCHAR buffer[MAX_PATH];
 	DebugFileInfo dfi;
 
 	GetModuleFileName(mod, buffer, MAX_PATH);
 	GetFileInfo(&dfi, buffer);
-	output += sprintf(output, " %-20s handle: %p size: %d crc: %.8X date: %d-%.2d-%.2d %.2d:%.2d:%.2d\r\n",
+	output += seprintf(output, last, " %-20s handle: %p size: %d crc: %.8X date: %d-%.2d-%.2d %.2d:%.2d:%.2d\r\n",
 		WIDE_TO_MB(buffer),
 		mod,
 		dfi.size,
@@ -199,7 +199,7 @@ static char *PrintModuleInfo(char *output, HMODULE mod)
 	return output;
 }
 
-static char *PrintModuleList(char *output)
+static char *PrintModuleList(char *output, const char *last)
 {
 	BOOL (WINAPI *EnumProcessModules)(HANDLE, HMODULE*, DWORD, LPDWORD);
 
@@ -215,12 +215,12 @@ static char *PrintModuleList(char *output)
 			if (res) {
 				size_t count = min(needed / sizeof(HMODULE), lengthof(modules));
 
-				for (size_t i = 0; i != count; i++) output = PrintModuleInfo(output, modules[i]);
+				for (size_t i = 0; i != count; i++) output = PrintModuleInfo(output, last, modules[i]);
 				return output;
 			}
 		}
 	}
-	output = PrintModuleInfo(output, NULL);
+	output = PrintModuleInfo(output, last, NULL);
 	return output;
 }
 
@@ -464,6 +464,9 @@ static void GamelogPrintCrashLogProc(const char *s)
 	WriteFile(_file_crash_log, "\r\n", (DWORD)strlen("\r\n"), &num_written, NULL);
 }
 
+/** Amount of output for the execption handler. */
+static const int EXCEPTION_OUTPUT_SIZE = 8192;
+
 static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 {
 	char *output;
@@ -475,12 +478,13 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 	_ident = GetTickCount(); // something pretty unique
 
 	MakeCRCTable(AllocaM(uint32, 256));
-	_crash_msg = output = (char*)LocalAlloc(LMEM_FIXED, 8192);
+	_crash_msg = output = (char*)LocalAlloc(LMEM_FIXED, EXCEPTION_OUTPUT_SIZE);
+	const char *last = output + EXCEPTION_OUTPUT_SIZE - 1;
 
 	{
 		SYSTEMTIME time;
 		GetLocalTime(&time);
-		output += sprintf(output,
+		output += seprintf(output, last,
 			"*** OpenTTD Crash Report ***\r\n"
 			"Date: %d-%.2d-%.2d %.2d:%.2d:%.2d\r\n"
 			"Build: %s built on " __DATE__ " " __TIME__ "\r\n",
@@ -495,12 +499,12 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 	}
 
 	if (_exception_string)
-		output += sprintf(output, "Reason: %s\r\n", _exception_string);
+		output += seprintf(output, last, "Reason: %s\r\n", _exception_string);
 
-	output += sprintf(output, "Language: %s\r\n", _dynlang.curr_file);
+	output += seprintf(output, last, "Language: %s\r\n", _dynlang.curr_file);
 
 #ifdef _M_AMD64
-	output += sprintf(output, "Exception %.8X at %.16IX\r\n"
+	output += seprintf(output, last, "Exception %.8X at %.16IX\r\n"
 		"Registers:\r\n"
 		"RAX: %.16llX RBX: %.16llX RCX: %.16llX RDX: %.16llX\r\n"
 		"RSI: %.16llX RDI: %.16llX RBP: %.16llX RSP: %.16llX\r\n"
@@ -530,7 +534,7 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 		ep->ContextRecord->EFlags
 	);
 #else
-	output += sprintf(output, "Exception %.8X at %.8p\r\n"
+	output += seprintf(output, last, "Exception %.8X at %.8p\r\n"
 		"Registers:\r\n"
 		" EAX: %.8X EBX: %.8X ECX: %.8X EDX: %.8X\r\n"
 		" ESI: %.8X EDI: %.8X EBP: %.8X ESP: %.8X\r\n"
@@ -560,13 +564,13 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 		int i;
 		for (i = 0; i != 24; i++) {
 			if (IsBadReadPtr(b, 1)) {
-				output += sprintf(output, " ??"); // OCR: WAS: , 0);
+				output += seprintf(output, last, " ??"); // OCR: WAS: , 0);
 			} else {
-				output += sprintf(output, " %.2X", *b);
+				output += seprintf(output, last, " %.2X", *b);
 			}
 			b++;
 		}
-		output += sprintf(output,
+		output += seprintf(output, last,
 			"\r\n"
 			"\r\nStack trace: \r\n"
 		);
@@ -582,24 +586,24 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 		for (j = 0; j != 24; j++) {
 			for (i = 0; i != 8; i++) {
 				if (IsBadReadPtr(b, sizeof(uint32))) {
-					output += sprintf(output, " ????????"); //OCR: WAS - , 0);
+					output += seprintf(output, last, " ????????"); //OCR: WAS - , 0);
 				} else {
-					output += sprintf(output, " %.8X", *b);
+					output += seprintf(output, last, " %.8X", *b);
 				}
 				b++;
 			}
-			output += sprintf(output, "\r\n");
+			output += seprintf(output, last, "\r\n");
 		}
 	}
 
-	output += sprintf(output, "\r\nModule information:\r\n");
-	output = PrintModuleList(output);
+	output += seprintf(output, last, "\r\nModule information:\r\n");
+	output = PrintModuleList(output, last);
 
 	{
 		_OSVERSIONINFOA os;
 		os.dwOSVersionInfoSize = sizeof(os);
 		GetVersionExA(&os);
-		output += sprintf(output, "\r\nSystem information:\r\n"
+		output += seprintf(output, last, "\r\nSystem information:\r\n"
 			" Windows version %d.%d %d %s\r\n\r\n",
 			os.dwMajorVersion, os.dwMinorVersion, os.dwBuildNumber, os.szCSDVersion);
 	}
-- 
cgit v1.2.3-54-g00ecf