fix: Replace strcat with strlcat for robustness (#1685)

Author: Skyaero42

Core/GameEngine/Source/Common/System/Debug.cpp

@@ -388,24 +388,24 @@ void DebugInit(int flags)
 		}
 
 		strcpy(theLogFileNamePrev, dirbuf);
-		strcat(theLogFileNamePrev, gAppPrefix);
-		strcat(theLogFileNamePrev, DEBUG_FILE_NAME_PREV);
+		strlcat(theLogFileNamePrev, gAppPrefix, ARRAY_SIZE(theLogFileNamePrev));
+		strlcat(theLogFileNamePrev, DEBUG_FILE_NAME_PREV, ARRAY_SIZE(theLogFileNamePrev));
 		if (rts::ClientInstance::getInstanceId() > 1u)
 		{
 			size_t offset = strlen(theLogFileNamePrev);
 			snprintf(theLogFileNamePrev + offset, ARRAY_SIZE(theLogFileNamePrev) - offset, "_Instance%.2u", rts::ClientInstance::getInstanceId());
 		}
-		strcat(theLogFileNamePrev, ".txt");
+		strlcat(theLogFileNamePrev, ".txt", ARRAY_SIZE(theLogFileNamePrev));
 
 		strcpy(theLogFileName, dirbuf);
-		strcat(theLogFileName, gAppPrefix);
-		strcat(theLogFileName, DEBUG_FILE_NAME);
+		strlcat(theLogFileName, gAppPrefix, ARRAY_SIZE(theLogFileNamePrev));
+		strlcat(theLogFileName, DEBUG_FILE_NAME, ARRAY_SIZE(theLogFileNamePrev));
 		if (rts::ClientInstance::getInstanceId() > 1u)
 		{
 			size_t offset = strlen(theLogFileName);
 			snprintf(theLogFileName + offset, ARRAY_SIZE(theLogFileName) - offset, "_Instance%.2u", rts::ClientInstance::getInstanceId());
 		}
-		strcat(theLogFileName, ".txt");
+		strlcat(theLogFileName, ".txt", ARRAY_SIZE(theLogFileNamePrev));
 
 		remove(theLogFileNamePrev);
 		rename(theLogFileName, theLogFileNamePrev);
@@ -509,7 +509,7 @@ void DebugCrash(const char *format, ...)
 	char theCrashBuffer[ LARGE_BUFFER ];
 
 	prepBuffer(theCrashBuffer);
-	strcat(theCrashBuffer, "ASSERTION FAILURE: ");
+	strlcat(theCrashBuffer, "ASSERTION FAILURE: ", ARRAY_SIZE(theCrashBuffer));
 
 	va_list arg;
 	va_start(arg, format);
@@ -538,7 +538,7 @@ void DebugCrash(const char *format, ...)
 #endif
 	}
 
-	strcat(theCrashBuffer, "\n\nAbort->exception; Retry->debugger; Ignore->continue");
+	strlcat(theCrashBuffer, "\n\nAbort->exception; Retry->debugger; Ignore->continue", ARRAY_SIZE(theCrashBuffer));
 
 	const int result = doCrashBox(theCrashBuffer, useLogging);
 
@@ -737,9 +737,9 @@ void ReleaseCrash(const char *reason)
 	}
 
 	strcpy(prevbuf, TheGlobalData->getPath_UserData().str());
-	strcat(prevbuf, RELEASECRASH_FILE_NAME_PREV);
+	strlcat(prevbuf, RELEASECRASH_FILE_NAME_PREV, ARRAY_SIZE(prevbuf));
 	strcpy(curbuf, TheGlobalData->getPath_UserData().str());
-	strcat(curbuf, RELEASECRASH_FILE_NAME);
+	strlcat(curbuf, RELEASECRASH_FILE_NAME, ARRAY_SIZE(curbuf));
 
  	remove(prevbuf);
 	rename(curbuf, prevbuf);
@@ -826,9 +826,9 @@ void ReleaseCrashLocalized(const AsciiString& p, const AsciiString& m)
 	char curbuf[ _MAX_PATH ];
 
 	strcpy(prevbuf, TheGlobalData->getPath_UserData().str());
-	strcat(prevbuf, RELEASECRASH_FILE_NAME_PREV);
+	strlcat(prevbuf, RELEASECRASH_FILE_NAME_PREV, ARRAY_SIZE(prevbuf));
 	strcpy(curbuf, TheGlobalData->getPath_UserData().str());
-	strcat(curbuf, RELEASECRASH_FILE_NAME);
+	strlcat(curbuf, RELEASECRASH_FILE_NAME, ARRAY_SIZE(curbuf));
 
  	remove(prevbuf);
 	rename(curbuf, prevbuf);

Core/GameEngine/Source/Common/System/GameMemory.cpp

@@ -2976,7 +2976,7 @@ void MemoryPoolFactory::memoryPoolUsageReport( const char* filename, FILE *appen
 	{
 		char tmp[256];
 		strcpy(tmp,filename);
-		strcat(tmp,".csv");
+		strlcat(tmp, ".csv", ARRAY_SIZE(tmp));
 		perfStatsFile = fopen(tmp, "w");
 	}
 	else

Core/GameEngine/Source/Common/System/GameMemoryInit.cpp

@@ -123,7 +123,7 @@ void userMemoryManagerInitPools()
 		}
 		--pEnd;
 	}
-	strcat(buf, "\\Data\\INI\\MemoryPools.ini");
+	strlcat(buf, "\\Data\\INI\\MemoryPools.ini", ARRAY_SIZE(buf));
 
 	FILE* fp = fopen(buf, "r");
 	if (fp)

Core/Libraries/Source/WWVegas/WW3D2/hcanim.cpp

@@ -257,8 +257,8 @@ int HCompressedAnimClass::Load_W3D(ChunkLoadClass & cload)
 	cload.Close_Chunk();
 
 	strcpy(Name,aheader.HierarchyName);
-	strcat(Name,".");
-	strcat(Name,aheader.Name);
+	strlcat(Name, ".", ARRAY_SIZE(Name));
+	strlcat(Name, aheader.Name, ARRAY_SIZE(Name));
 
 	// TSS chasing crash bug 05/26/99
    WWASSERT(HierarchyName != NULL);

Core/Libraries/Source/WWVegas/WW3D2/hmdldef.cpp

@@ -234,8 +234,8 @@ bool HModelDefClass::read_connection(ChunkLoadClass & cload,HmdlNodeDefStruct *
 	}
 
 	strcpy(node->RenderObjName,ModelName);
-	strcat(node->RenderObjName,".");
-	strcat(node->RenderObjName,con.RenderObjName);
+	strlcat(node->RenderObjName, ".", ARRAY_SIZE(node->RenderObjName));
+	strlcat(node->RenderObjName, con.RenderObjName, ARRAY_SIZE(node->RenderObjName));
 
 	if (pre30) {
 		if (con.PivotIdx == 65535) {

Core/Libraries/Source/WWVegas/WW3D2/w3d_dep.cpp

@@ -570,6 +570,6 @@ static const char * Make_W3D_Filename (const char *w3d_name)
 	if (dot)
 		*dot = 0;
 	strlwr(buffer);
-	strcat(buffer, ".w3d");
+	strlcat(buffer, ".w3d", ARRAY_SIZE(buffer));
 	return buffer;
 }

Core/Libraries/Source/WWVegas/WWDownload/FTP.CPP

@@ -36,6 +36,7 @@
 #include <time.h>
 #include <direct.h>
 #include <errno.h>
+#include <WWCommon.h>
 //#include "wlib/wstring.h"
 
 #include "stringex.h"
@@ -141,7 +142,7 @@ static bool Use_Non_Blocking_Mode(void)
 	if ((regRetval!=ERROR_SUCCESS) || (type != REG_DWORD))
 		return(TRUE);
 
-	return(bool(value));
+	return bool(value);
 }
 
 
@@ -679,7 +680,7 @@ HRESULT  Cftp::FindFile( LPCSTR szRemoteFileName, int * piSize )
 	_splitpath( szRemoteFileName, NULL, m_szRemoteFilePath+strlen(m_szRemoteFilePath),
 		m_szRemoteFileName, ext );
 
-	strcat( m_szRemoteFileName, ext );
+	strlcat(m_szRemoteFileName, ext, ARRAY_SIZE(m_szRemoteFileName));
 
 	for( i = 0; i < (int)strlen( m_szRemoteFilePath ); i++ )
 	{
@@ -1723,11 +1724,11 @@ HRESULT  Cftp::FileRecoveryPosition( LPCSTR szLocalFileName, LPCSTR szRegistryRo
 	strcpy( regkey, szRegistryRoot );
 	if( regkey[ strlen( regkey ) - 1 ] != '\\' )
 	{
-		strcat( regkey, "\\Download" );
+		strlcat(regkey, "\\Download", ARRAY_SIZE(regkey));
 	}
 	else
 	{
-		strcat( regkey, "Download" );
+		strlcat(regkey, "Download", ARRAY_SIZE(regkey));
 	}
 
 	if( RegOpenKeyEx( HKEY_LOCAL_MACHINE, (LPCTSTR)regkey,

Core/Libraries/Source/WWVegas/WWLib/Except.cpp

@@ -224,7 +224,7 @@ char const * Last_Error_Text(void)
  *=============================================================================================*/
 static void Add_Txt (char const *txt)
 {
-	if (strlen(ExceptionText) + strlen(txt) < 65535) {
+	if (strlen(ExceptionText) + strlen(txt) < ARRAY_SIZE(ExceptionText) - 1) {
 		strcat(ExceptionText, txt);
 	}
 #if (0)
@@ -653,15 +653,15 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 
 	for (int c = 0 ; c < 32 ; c++) {
 		if (IsBadReadPtr(eip_ptr, 1)) {
-			strcat(scrap, "?? ");
+			strlcat(scrap, "?? ", ARRAY_SIZE(scrap));
 		} else {
 			sprintf(bytestr, "%02X ", *eip_ptr);
-			strcat(scrap, bytestr);
+			strlcat(scrap, bytestr, ARRAY_SIZE(scrap));
 		}
 		eip_ptr++;
 	}
 
-	strcat(scrap, "\r\n\r\n");
+	strlcat(scrap, "\r\n\r\n", ARRAY_SIZE(scrap));
 	Add_Txt(scrap);
 
 	/*
@@ -677,14 +677,14 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 			** The stack contents cannot be read so just print up question marks.
 			*/
 			sprintf(scrap, "%p: ", static_cast<void*>(stackptr));
-			strcat(scrap, "????????\r\n");
+			strlcat(scrap, "????????\r\n", ARRAY_SIZE(scrap));
 		} else {
 			/*
 			** If this stack address is in our memory space then try to match it with a code symbol.
 			*/
 			if (IsBadCodePtr((FARPROC)*stackptr)) {
 				sprintf(scrap, "%p: %08lX ", static_cast<void*>(stackptr), *stackptr);
-				strcat(scrap, "DATA_PTR\r\n");
+				strlcat(scrap, "DATA_PTR\r\n", ARRAY_SIZE(scrap));
 			} else {
 				sprintf(scrap, "%p: %08lX", static_cast<void*>(stackptr), *stackptr);
 
@@ -697,12 +697,12 @@ void Dump_Exception_Info(EXCEPTION_POINTERS *e_info)
 					if (_SymGetSymFromAddr != NULL && _SymGetSymFromAddr (GetCurrentProcess(), *stackptr, &displacement, symptr)) {
 						char symbuf[256];
 						sprintf(symbuf, " - %s + %08X", symptr->Name, displacement);
-						strcat(scrap, symbuf);
+						strlcat(scrap, symbuf, ARRAY_SIZE(scrap));
 					}
 				} else {
-					strcat (scrap, " *");
+					strlcat(scrap, " *", ARRAY_SIZE(scrap));
 				}
-				strcat (scrap, "\r\n");
+				strlcat(scrap, "\r\n", ARRAY_SIZE(scrap));
 			}
 		}
 		Add_Txt(scrap);

Core/Libraries/Source/WWVegas/WWLib/registry.cpp

@@ -386,7 +386,7 @@ void RegistryClass::Save_Registry_Values(HKEY key, char *path, INIClass *ini)
 				*/
 				case REG_DWORD:
 					strcpy(save_name, "DWORD_");
-					strcat(save_name, value_name);
+					strlcat(save_name, value_name, ARRAY_SIZE(save_name));
 					ini->Put_Int(path, save_name, *((unsigned long*)data));
 					break;
 
@@ -395,7 +395,7 @@ void RegistryClass::Save_Registry_Values(HKEY key, char *path, INIClass *ini)
 				*/
 				case REG_SZ:
 					strcpy(save_name, "STRING_");
-					strcat(save_name, value_name);
+					strlcat(save_name, value_name, ARRAY_SIZE(save_name));
 					ini->Put_String(path, save_name, (char*)data);
 					break;
 
@@ -404,7 +404,7 @@ void RegistryClass::Save_Registry_Values(HKEY key, char *path, INIClass *ini)
 				*/
 				case REG_BINARY:
 					strcpy(save_name, "BIN_");
-					strcat(save_name, value_name);
+					strlcat(save_name, value_name, ARRAY_SIZE(save_name));
 					ini->Put_UUBlock(path, save_name, (char*)data, data_size);
 					break;
 
@@ -471,8 +471,8 @@ void RegistryClass::Save_Registry_Tree(char *path, INIClass *ini)
 				*/
 				char new_key_path[512];
 				strcpy(new_key_path, path);
-				strcat(new_key_path, "\\");
-				strcat(new_key_path, name);
+				strlcat(new_key_path, "\\", ARRAY_SIZE(new_key_path));
+				strlcat(new_key_path, name, ARRAY_SIZE(new_key_path));
 
 				unsigned long num_subs = 0;
 				unsigned long num_values = 0;
@@ -567,7 +567,7 @@ void RegistryClass::Load_Registry(const char *filename, char *old_path, char *ne
 			strcpy(path, new_path);
 			char *cut = strstr(section_name, old_path);
 			if (cut) {
-				strcat(path, cut + old_path_len);
+				strlcat(path, cut + old_path_len, ARRAY_SIZE(path));
 			}
 
 			/*
@@ -694,8 +694,8 @@ void RegistryClass::Delete_Registry_Tree(char *path)
 					*/
 					char new_key_path[512];
 					strcpy(new_key_path, path);
-					strcat(new_key_path, "\\");
-					strcat(new_key_path, name);
+					strlcat(new_key_path, "\\", ARRAY_SIZE(new_key_path));
+					strlcat(new_key_path, name, ARRAY_SIZE(new_key_path));
 
 					unsigned long num_subs = 0;
 					unsigned long num_values = 0;

Core/Libraries/Source/debug/debug_debug.cpp

@@ -31,6 +31,7 @@
 #include <stdlib.h>
 #include <Utility/stdio_adapter.h>
 #include <string.h>
+#include <WWCommon.h>
 #include <new>      // needed for placement new prototype
 
 // a little dummy variable that makes the linker actually include
@@ -347,7 +348,7 @@ bool Debug::AssertDone(void)
                         "time being (stops logging this assertion as well).";
     char *help=(char *)DebugAllocMemory(ioBuffer[curType].used+strlen(addInfo)+1);
     strcpy(help,ioBuffer[curType].buffer+82);
-    strcat(help,addInfo);
+    strlcat(help, addInfo, ARRAY_SIZE(help));
 
     // First hit? Then do a stack trace
     if (curFrameEntry->hits==1)
@@ -611,7 +612,7 @@ bool Debug::CrashDone(bool die)
 #endif
     char *help=(char *)DebugAllocMemory(ioBuffer[curType].used+strlen(addInfo)+1);
     strcpy(help,ioBuffer[curType].buffer+82);
-    strcat(help,addInfo);
+    strlcat(help, addInfo, ARRAY_SIZE(help));
 
     // First hit? Then do a stack trace
     if (curFrameEntry->hits==1)