Author: cazfi
Date: Wed Jul 27 09:43:34 2016
New Revision: 33330

URL: http://svn.gna.org/viewcvs/freeciv?rev=33330&view=rev
Log:
Avoid tileset/soundset/musicset suggestion dialog buffer overflow with
extremely long tileset/soundset/musicset names.

See bug #24877

Modified:
    trunk/client/audio.c
    trunk/client/gui-gtk-2.0/soundset_dlg.c
    trunk/client/gui-gtk-2.0/tileset_dlg.c
    trunk/client/gui-gtk-3.0/soundset_dlg.c
    trunk/client/gui-gtk-3.0/tileset_dlg.c
    trunk/client/gui-gtk-3.x/soundset_dlg.c
    trunk/client/gui-gtk-3.x/tileset_dlg.c
    trunk/client/gui-sdl2/themespec.c
    trunk/client/tilespec.c

Modified: trunk/client/audio.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/audio.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/audio.c        (original)
+++ trunk/client/audio.c        Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 2005 - The Freeciv Team
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by

Modified: trunk/client/gui-gtk-2.0/soundset_dlg.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-gtk-2.0/soundset_dlg.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-gtk-2.0/soundset_dlg.c     (original)
+++ trunk/client/gui-gtk-2.0/soundset_dlg.c     Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -63,11 +63,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s soundset.\n"
-            "It might not work with other soundsets.\n"
-            "You are currently using soundset %s."),
-          game.control.preferred_soundset, sound_set_name);
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s soundset.\n"
+                "It might not work with other soundsets.\n"
+                "You are currently using soundset %s."),
+              game.control.preferred_soundset, sound_set_name);
 
   label = gtk_label_new(buf);
   gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), label);
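Review bot: The bounded `fc_snprintf(buf, sizeof(buf), ...)` stops the overflow, but a name that does not fit is now cut silently at a byte offset, and the result goes straight to `gtk_label_new(buf)`, which expects valid UTF-8. Unless fc_snprintf truncates on character boundaries (not visible here), a long multi-byte name could leave a broken sequence at the end of the label text. `sizeof(buf)` is also the right bound only while `buf` is a local array, and its declaration lies outside the hunk. Since `game.control.preferred_soundset` looks like a value supplied by the modpack or server, building the text with `char *msg = g_strdup_printf(_("..."), game.control.preferred_soundset, sound_set_name);` followed by `label = gtk_label_new(msg); g_free(msg);` would remove the fixed buffer altogether. The same applies to the musicset hunk below, to gui-gtk-2.0/tileset_dlg.c, and to the soundset_dlg.c and tileset_dlg.c hunks under gui-gtk-3.0 and gui-gtk-3.x.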
@@ -116,11 +116,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s musicset.\n"
-            "It might not work with other musicsets.\n"
-            "You are currently using musicset %s."),
-          game.control.preferred_musicset, music_set_name);
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s musicset.\n"
+                "It might not work with other musicsets.\n"
+                "You are currently using musicset %s."),
+              game.control.preferred_musicset, music_set_name);
 
   label = gtk_label_new(buf);
   gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), label);

Modified: trunk/client/gui-gtk-2.0/tileset_dlg.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-gtk-2.0/tileset_dlg.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-gtk-2.0/tileset_dlg.c      (original)
+++ trunk/client/gui-gtk-2.0/tileset_dlg.c      Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -62,11 +62,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s tileset.\n"
-            "It might not work with other tilesets.\n"
-            "You are currently using tileset %s."),
-          game.control.preferred_tileset, tileset_basename(tileset));
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s tileset.\n"
+                "It might not work with other tilesets.\n"
+                "You are currently using tileset %s."),
+              game.control.preferred_tileset, tileset_basename(tileset));
 
   label = gtk_label_new(buf);
   gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), label);

Modified: trunk/client/gui-gtk-3.0/soundset_dlg.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-gtk-3.0/soundset_dlg.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-gtk-3.0/soundset_dlg.c     (original)
+++ trunk/client/gui-gtk-3.0/soundset_dlg.c     Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -69,11 +69,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s soundset.\n"
-            "It might not work with other soundsets.\n"
-            "You are currently using soundset %s."),
-          game.control.preferred_soundset, sound_set_name);
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s soundset.\n"
+                "It might not work with other soundsets.\n"
+                "You are currently using soundset %s."),
+              game.control.preferred_soundset, sound_set_name);
 
   label = gtk_label_new(buf);
   
gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 label);
@@ -122,11 +122,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s musicset.\n"
-            "It might not work with other musicsets.\n"
-            "You are currently using musicset %s."),
-          game.control.preferred_musicset, music_set_name);
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s musicset.\n"
+                "It might not work with other musicsets.\n"
+                "You are currently using musicset %s."),
+              game.control.preferred_musicset, music_set_name);
 
   label = gtk_label_new(buf);
   
gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 label);

Modified: trunk/client/gui-gtk-3.0/tileset_dlg.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-gtk-3.0/tileset_dlg.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-gtk-3.0/tileset_dlg.c      (original)
+++ trunk/client/gui-gtk-3.0/tileset_dlg.c      Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -67,11 +67,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s tileset.\n"
-            "It might not work with other tilesets.\n"
-            "You are currently using tileset %s."),
-          game.control.preferred_tileset, tileset_basename(tileset));
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s tileset.\n"
+                "It might not work with other tilesets.\n"
+                "You are currently using tileset %s."),
+              game.control.preferred_tileset, tileset_basename(tileset));
 
   label = gtk_label_new(buf);
   
gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 label);

Modified: trunk/client/gui-gtk-3.x/soundset_dlg.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-gtk-3.x/soundset_dlg.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-gtk-3.x/soundset_dlg.c     (original)
+++ trunk/client/gui-gtk-3.x/soundset_dlg.c     Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -69,11 +69,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s soundset.\n"
-            "It might not work with other soundsets.\n"
-            "You are currently using soundset %s."),
-          game.control.preferred_soundset, sound_set_name);
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s soundset.\n"
+                "It might not work with other soundsets.\n"
+                "You are currently using soundset %s."),
+              game.control.preferred_soundset, sound_set_name);
 
   label = gtk_label_new(buf);
   
gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 label);
@@ -122,11 +122,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s musicset.\n"
-            "It might not work with other musicsets.\n"
-            "You are currently using musicset %s."),
-          game.control.preferred_musicset, music_set_name);
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s musicset.\n"
+                "It might not work with other musicsets.\n"
+                "You are currently using musicset %s."),
+              game.control.preferred_musicset, music_set_name);
 
   label = gtk_label_new(buf);
   
gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 label);

Modified: trunk/client/gui-gtk-3.x/tileset_dlg.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-gtk-3.x/tileset_dlg.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-gtk-3.x/tileset_dlg.c      (original)
+++ trunk/client/gui-gtk-3.x/tileset_dlg.c      Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/********************************************************************** 
+/***********************************************************************
  Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -67,11 +67,11 @@
   gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_YES);
   gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
 
-  sprintf(buf,
-          _("Modpack suggests using %s tileset.\n"
-            "It might not work with other tilesets.\n"
-            "You are currently using tileset %s."),
-          game.control.preferred_tileset, tileset_basename(tileset));
+  fc_snprintf(buf, sizeof(buf),
+              _("Modpack suggests using %s tileset.\n"
+                "It might not work with other tilesets.\n"
+                "You are currently using tileset %s."),
+              game.control.preferred_tileset, tileset_basename(tileset));
 
   label = gtk_label_new(buf);
   
gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 label);

Modified: trunk/client/gui-sdl2/themespec.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/gui-sdl2/themespec.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/gui-sdl2/themespec.c   (original)
+++ trunk/client/gui-sdl2/themespec.c   Wed Jul 27 09:43:34 2016
@@ -1,4 +1,4 @@
-/**********************************************************************
+/***********************************************************************
  Freeciv - Copyright (C) 2005 - The Freeciv Project
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -11,7 +11,7 @@
    GNU General Public License for more details.
 ***********************************************************************/
 
-/**********************************************************************
+/***********************************************************************
   Functions for handling the themespec files which describe
   the files and contents of themes.
   original author: David Pfitzner <d...@mso.anu.edu.au>
@@ -456,7 +456,8 @@
   /* Try out all supported file extensions to find one that works. */
   while ((gfx_fileext = *gfx_fileexts++)) {
     const char *real_full_name;
-    char full_name[strlen(gfx_filename) + strlen(gfx_fileext) + 2];
+    char full_name[strlen(gfx_filename) + strlen(".")
+                   + strlen(gfx_fileext) + 1];
 
     sprintf(full_name, "%s.%s", gfx_filename, gfx_fileext);
     if ((real_full_name = fileinfoname(get_data_dirs(), full_name))) {
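Review bot: `char full_name[strlen(gfx_filename) + strlen(".") + strlen(gfx_fileext) + 1]` is still a variable-length array sized by the file name. The new expression equals the old `+ 2`, so an extremely long name can still exhaust the stack before the `sprintf` runs. The lookup in the later hunk of this file already puts the same string on the heap; doing that here, with `size_t len = strlen(gfx_filename) + strlen(gfx_fileext) + 2; char *full_name = fc_malloc(len);` and `fc_snprintf(full_name, len, "%s.%s", gfx_filename, gfx_fileext);`, or rejecting names above a fixed limit first, would bound it. The loop body continues outside the hunk, so where the buffer could be released is not visible here. The hunk at -1413 in trunk/client/tilespec.c has the same array.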
@@ -678,12 +679,12 @@
   const char **gfx_fileexts = gfx_fileextensions();
 
   while ((gfx_current_fileext = *gfx_fileexts++)) {
+    const char *real_full_name;
     char *full_name =
-       fc_malloc(strlen(gfx_filename) + strlen(gfx_current_fileext) + 2);
-    const char *real_full_name;
-
-    sprintf(full_name,"%s.%s",gfx_filename,gfx_current_fileext);
-
+      fc_malloc(strlen(gfx_filename) + strlen(".")
+                + strlen(gfx_current_fileext) + 1);
+
+    sprintf(full_name, "%s.%s", gfx_filename, gfx_current_fileext);
     real_full_name = fileinfoname(get_data_dirs(), full_name);
     FC_FREE(full_name);
     if (real_full_name) {
@@ -693,6 +694,7 @@
 
   log_fatal("Couldn't find a supported gfx file extension for \"%s\".",
             gfx_filename);
+
   exit(EXIT_FAILURE);
   return NULL;
 }

Modified: trunk/client/tilespec.c
URL: 
http://svn.gna.org/viewcvs/freeciv/trunk/client/tilespec.c?rev=33330&r1=33329&r2=33330&view=diff
==============================================================================
--- trunk/client/tilespec.c     (original)
+++ trunk/client/tilespec.c     Wed Jul 27 09:43:34 2016
@@ -1413,7 +1413,8 @@
   /* Try out all supported file extensions to find one that works. */
   while ((gfx_fileext = *gfx_fileexts++)) {
     const char *real_full_name;
-    char full_name[strlen(gfx_filename) + strlen(gfx_fileext) + 2];
+    char full_name[strlen(gfx_filename) + strlen(".")
+                   + strlen(gfx_fileext) + 1];
 
     sprintf(full_name, "%s.%s", gfx_filename, gfx_fileext);
     if ((real_full_name = fileinfoname(get_data_dirs(), full_name))) {
@@ -1637,13 +1638,13 @@
   const char  *gfx_current_fileext;
   const char **gfx_fileexts = gfx_fileextensions();
 
-  while((gfx_current_fileext = *gfx_fileexts++))
-  {
+  while ((gfx_current_fileext = *gfx_fileexts++)) {
+    const char *real_full_name;
     char *full_name =
-       fc_malloc(strlen(gfx_filename) + strlen(gfx_current_fileext) + 2);
-    const char *real_full_name;
-
-    sprintf(full_name,"%s.%s",gfx_filename,gfx_current_fileext);
+      fc_malloc(strlen(gfx_filename) + strlen(".")
+                + strlen(gfx_current_fileext) + 1);
+
+    sprintf(full_name, "%s.%s", gfx_filename, gfx_current_fileext);
 
     real_full_name = fileinfoname(get_data_dirs(), full_name);
     free(full_name);

