- lots more code cleanup, using safe buffer size code to avoid buffer overflows

2025-08-15 12:54:01 +02:00 · 2012-10-19 01:31:20 +00:00
parent 39191dc11e
commit 011e0263b0
68 changed files with 906 additions and 1200 deletions
--- a/source/shared_lib/sources/platform/common/base_thread.cpp
+++ b/source/shared_lib/sources/platform/common/base_thread.cpp
@@ -51,8 +51,8 @@ BaseThread::~BaseThread() {

 	MutexSafeWrapper safeMutexMasterList(&mutexMasterThreadList);
 	if(masterThreadList.find(this) == masterThreadList.end()) {
-		char szBuf[4096]="";
-		sprintf(szBuf,"invalid thread delete for ptr: %p",this);
+		char szBuf[8096]="";
+		snprintf(szBuf,8096,"invalid thread delete for ptr: %p",this);
 		throw megaglest_runtime_error(szBuf);
 	}
 	masterThreadList[this]--;
--- a/source/shared_lib/sources/platform/common/simple_threads.cpp
+++ b/source/shared_lib/sources/platform/common/simple_threads.cpp
@@ -656,8 +656,8 @@ void LogFileThread::saveToDisk(bool forceSaveAll,bool logListAlreadyLocked) {
            safeMutex.Lock();
            if(logList.size() > 0) {
 				if(logList.size() < logCount) {
-					char szBuf[1024]="";
-					sprintf(szBuf,"logList.size() <= logCount [%lld][%lld]",(long long int)logList.size(),(long long int)logCount);
+					char szBuf[8096]="";
+					snprintf(szBuf,8096,"logList.size() <= logCount [%lld][%lld]",(long long int)logList.size(),(long long int)logCount);
 					throw megaglest_runtime_error(szBuf);
 				}
 				logList.erase(logList.begin(),logList.begin() + logCount);
--- a/source/shared_lib/sources/platform/posix/miniftpclient.cpp
+++ b/source/shared_lib/sources/platform/posix/miniftpclient.cpp
@@ -304,13 +304,13 @@ pair<FTP_Client_ResultType,string> FTPClientThread::getMapFromServer(pair<string
    if(curl) {
        ftpfile.stream = NULL;

-        char szBuf[1024]="";
+        char szBuf[8096]="";
        if(mapFileName.second != "") {
-        	sprintf(szBuf,"%s",mapFileName.second.c_str());
+        	snprintf(szBuf,8096,"%s",mapFileName.second.c_str());
        	curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L);
        }
        else {
-        	sprintf(szBuf,"ftp://%s:%s@%s:%d/%s%s",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,mapFileName.first.c_str(),destFileExt.c_str());
+        	snprintf(szBuf,8096,"ftp://%s:%s@%s:%d/%s%s",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,mapFileName.first.c_str(),destFileExt.c_str());
        }

        curl_easy_setopt(curl, CURLOPT_URL,szBuf);
@@ -511,8 +511,6 @@ pair<FTP_Client_ResultType,string> FTPClientThread::getTilesetFromServer(
            else {
            	remotePath = tileSetName.first + this->fileArchiveExtension;
            }
-        	//sprintf(szBuf,"ftp://%s:%s@%s:%d/%s%s",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,
-        	//		tileSetName.c_str(),this->fileArchiveExtension.c_str());
        }
        else {
        	getFolderContents = true;
@@ -523,8 +521,6 @@ pair<FTP_Client_ResultType,string> FTPClientThread::getTilesetFromServer(
            destFileSaveAsNewFile = destFileSaveAs;
            endPathWithSlash(destFileSaveAsNewFile);
            destFileSaveAs += ".tmp";
-
-        	//sprintf(szBuf,"ftp://%s:%s@%s:%d/%s/*",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,tileSetName.c_str());
        }
    }
    else {
@@ -539,9 +535,6 @@ pair<FTP_Client_ResultType,string> FTPClientThread::getTilesetFromServer(
        destFileSaveAsNewFile = destFileSaveAs;
        endPathWithSlash(destFileSaveAsNewFile);
        destFileSaveAs += ".tmp";
-
-        //sprintf(szBuf,"ftp://%s:%s@%s:%d/%s/%s/*",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,
-        //		tileSetName.c_str(),tileSetNameSubfolder.c_str());
    }

    vector <string> *pWantDirListOnly = NULL;
@@ -882,13 +875,13 @@ pair<FTP_Client_ResultType,string>  FTPClientThread::getFileFromServer(FTP_Clien
    if(curl) {
        ftpfile.stream = NULL;

-        char szBuf[1024]="";
+        char szBuf[8096]="";
        if(fileNameTitle.second != "") {
-        	sprintf(szBuf,"%s",fileNameTitle.second.c_str());
+        	snprintf(szBuf,8096,"%s",fileNameTitle.second.c_str());
        	curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L);
        }
        else {
-        	sprintf(szBuf,"ftp://%s:%s@%s:%d/%s",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,remotePath.c_str());
+        	snprintf(szBuf,8096,"ftp://%s:%s@%s:%d/%s",ftpUser.c_str(),ftpUserPassword.c_str(),serverUrl.c_str(),portNumber,remotePath.c_str());
        }

        curl_easy_setopt(curl, CURLOPT_URL,szBuf);
--- a/source/shared_lib/sources/platform/posix/socket.cpp
+++ b/source/shared_lib/sources/platform/posix/socket.cpp
@@ -477,7 +477,7 @@ static void PrintNetworkInterfaceInfos()
         char buf[128];
         if (name == NULL)
         {
-            sprintf(buf, "unnamed-%i", i);
+            snprintf(buf, 128,"unnamed-%i", i);
            name = buf;
         }

@@ -617,10 +617,8 @@ string getNetworkInterfaceBroadcastAddress(string ipAddress)
               next = next->Next;
            }
         }
-         //char buf[128]="";
         if (name == NULL)
         {
-            //sprintf(buf, "unnamed-%i", i);
            name = "";
         }

@@ -678,11 +676,6 @@ std::vector<std::string> Socket::getLocalIPAddressList() {
 		//int ipIdx = 0;
 		//while (myhostent->h_addr_list[ipIdx] != 0) {
 		for(int ipIdx = 0; myhostent->h_addr_list[ipIdx] != NULL; ++ipIdx) {
-		   //sprintf(myhostaddr, "%s",inet_ntoa(*(struct in_addr *)myhostent->h_addr_list[ipIdx]));
-			//struct sockaddr_in SockAddr;
-			//memcpy(&(SockAddr.sin_addr),&myhostent->h_addr[ipIdx],myhostent->h_length);
-			//SockAddr.sin_family = myhostent->h_addrtype;
-			//Inet_NtoA(SockAddrToUint32((sockaddr *)&SockAddr), myhostaddr);
 			Ip::Inet_NtoA(SockAddrToUint32((struct in_addr *)myhostent->h_addr_list[ipIdx]), myhostaddr);

 		   //printf("ipIdx = %d [%s]\n",ipIdx,myhostaddr);
@@ -723,7 +716,7 @@ std::vector<std::string> Socket::getLocalIPAddressList() {

 			/* I want IP address attached to "eth0" */
 			char szBuf[100]="";
-			sprintf(szBuf,"%s%d",intfName.c_str(),idx);
+			snprintf(szBuf,100,"%s%d",intfName.c_str(),idx);
 			int maxIfNameLength = std::min((int)strlen(szBuf),IFNAMSIZ-1);

 			strncpy(ifr.ifr_name, szBuf, maxIfNameLength);
@@ -738,7 +731,7 @@ std::vector<std::string> Socket::getLocalIPAddressList() {
 			if(result_ifaddrr >= 0) {
 				struct sockaddr_in *pSockAddr = (struct sockaddr_in *)&ifr.ifr_addr;
 				if(pSockAddr != NULL) {
-					//sprintf(myhostaddr, "%s",inet_ntoa(pSockAddr->sin_addr));
+
 					Ip::Inet_NtoA(SockAddrToUint32(&pSockAddr->sin_addr), myhostaddr);
 					if(SystemFlags::getSystemSettingType(SystemFlags::debugNetwork).enabled) SystemFlags::OutputDebug(SystemFlags::debugNetwork,"In [%s::%s Line: %d] szBuf [%s], myhostaddr = [%s], ifr.ifr_flags = %d, ifrA.ifr_flags = %d, ifr.ifr_name [%s]\n",__FILE__,__FUNCTION__,__LINE__,szBuf,myhostaddr,ifr.ifr_flags,ifrA.ifr_flags,ifr.ifr_name);

@@ -2219,11 +2212,11 @@ void ServerSocket::bind(int port) {

 	int err= ::bind(sock, reinterpret_cast<sockaddr*>(&addr), sizeof(addr));
 	if(err < 0) {
-	    char szBuf[1024]="";
-	    sprintf(szBuf, "In [%s::%s] Error binding socket sock = %d, err = %d, error = %s\n",__FILE__,__FUNCTION__,sock,err,getLastSocketErrorFormattedText().c_str());
+	    char szBuf[8096]="";
+	    snprintf(szBuf, 8096,"In [%s::%s] Error binding socket sock = %d, err = %d, error = %s\n",__FILE__,__FUNCTION__,sock,err,getLastSocketErrorFormattedText().c_str());
 	    if(SystemFlags::getSystemSettingType(SystemFlags::debugNetwork).enabled) SystemFlags::OutputDebug(SystemFlags::debugNetwork,"%s",szBuf);

-	    sprintf(szBuf, "Error binding socket sock = %d, err = %d, error = %s\n",sock,err,getLastSocketErrorFormattedText().c_str());
+	    snprintf(szBuf, 8096,"Error binding socket sock = %d, err = %d, error = %s\n",sock,err,getLastSocketErrorFormattedText().c_str());
 	    throw megaglest_runtime_error(szBuf);
 	}
 	portBound = true;
@@ -2256,8 +2249,8 @@ void ServerSocket::listen(int connectionQueueSize) {

 		int err= ::listen(sock, connectionQueueSize);
 		if(err < 0) {
-			char szBuf[1024]="";
-			sprintf(szBuf, "In [%s::%s] Error listening socket sock = %d, err = %d, error = %s\n",__FILE__,__FUNCTION__,sock,err,getLastSocketErrorFormattedText().c_str());
+			char szBuf[8096]="";
+			snprintf(szBuf, 8096,"In [%s::%s] Error listening socket sock = %d, err = %d, error = %s\n",__FILE__,__FUNCTION__,sock,err,getLastSocketErrorFormattedText().c_str());
 			throwException(szBuf);
 		}
 	}
@@ -2303,8 +2296,8 @@ Socket *ServerSocket::accept(bool errorOnFail) {
 		safeMutex.ReleaseLock();

 		if(isSocketValid(&newSock) == false) {
-			char szBuf[1024]="";
-			sprintf(szBuf, "In [%s::%s Line: %d] Error accepting socket connection sock = %d, err = %d, error = %s\n",__FILE__,__FUNCTION__,__LINE__,sock,newSock,getLastSocketErrorFormattedText().c_str());
+			char szBuf[8096]="";
+			snprintf(szBuf, 8096,"In [%s::%s Line: %d] Error accepting socket connection sock = %d, err = %d, error = %s\n",__FILE__,__FUNCTION__,__LINE__,sock,newSock,getLastSocketErrorFormattedText().c_str());
 			if(SystemFlags::getSystemSettingType(SystemFlags::debugNetwork).enabled) SystemFlags::OutputDebug(SystemFlags::debugNetwork,"In [%s::%s Line: %d] %s\n",__FILE__,__FUNCTION__,__LINE__,szBuf);

 			int lastSocketError = getLastSocketError();
@@ -2326,8 +2319,6 @@ Socket *ServerSocket::accept(bool errorOnFail) {
 		}
 		else {
 			Ip::Inet_NtoA(SockAddrToUint32((struct sockaddr *)&cli_addr), client_host);
-			//printf("client_host [%s]\n",client_host);
-			//sprintf(client_host, "%s",inet_ntoa(cli_addr.sin_addr));
 			if(SystemFlags::getSystemSettingType(SystemFlags::debugNetwork).enabled) SystemFlags::OutputDebug(SystemFlags::debugNetwork,"In [%s::%s Line: %d] got connection, newSock = %d client_host [%s]\n",__FILE__,__FUNCTION__,__LINE__,newSock,client_host);
 		}
 		if(isIPAddressBlocked((client_host[0] != '\0' ? client_host : "")) == true) {
@@ -2495,14 +2486,14 @@ int UPNP_Tools::upnp_init(void *param) {
 					free (descXML); descXML = 0;
 					GetUPNPUrls (&urls, &data, dev->descURL);
 				}
-				sprintf(buf, "UPnP device found: %s %s LAN address %s", dev->descURL, dev->st, lanaddr);
+				snprintf(buf, 255,"UPnP device found: %s %s LAN address %s", dev->descURL, dev->st, lanaddr);

 				freeUPNPDevlist(devlist);
 				devlist = NULL;
 			}

 			if (!urls.controlURL || urls.controlURL[0] == '\0')	{
-				sprintf(buf, "controlURL not available, UPnP disabled");
+				snprintf(buf, 255,"controlURL not available, UPnP disabled");
 				if(callback) {
 					safeMutexUPNP.ReleaseLock();
 				    callback->UPNPInitStatus(false);
@@ -2531,7 +2522,7 @@ int UPNP_Tools::upnp_init(void *param) {
 		}

 		if(result == -1) {
-			sprintf(buf, "UPnP device not found.");
+			snprintf(buf, 255,"UPnP device not found.");

 			if(SystemFlags::getSystemSettingType(SystemFlags::debugNetwork).enabled) SystemFlags::OutputDebug(SystemFlags::debugNetwork,"No UPnP devices found.\n");

@@ -2543,7 +2534,7 @@ int UPNP_Tools::upnp_init(void *param) {
 		}
 	}
 	else {
-		sprintf(buf, "UPnP detection routine disabled by user.");
+		snprintf(buf, 255,"UPnP detection routine disabled by user.");
 		if(SystemFlags::getSystemSettingType(SystemFlags::debugNetwork).enabled) SystemFlags::OutputDebug(SystemFlags::debugNetwork,"UPnP detection routine disabled by user.\n");

        if(callback) {
@@ -2798,9 +2789,8 @@ void BroadCastSocketThread::execute() {
 			if( Socket::isSocketValid(&bcfd[idx]) == true ) {
 				try {
 					// Send this machine's host name and address in hostname:n.n.n.n format
-					sprintf(buff,"%s",myhostname);
+					snprintf(buff,1024,"%s",myhostname);
 					for(unsigned int idx1 = 0; idx1 < ipList.size(); idx1++) {
-						//sprintf(buff,"%s:%s",buff,ipList[idx1].c_str());
 						strcat(buff,":");
 						strcat(buff,ipList[idx1].c_str());
 						strcat(buff,":");
--- a/source/shared_lib/sources/platform/sdl/platform_util.cpp
+++ b/source/shared_lib/sources/platform/sdl/platform_util.cpp
@@ -36,9 +36,8 @@ bool PlatformExceptionHandler::disableBacktrace = false;

 // This was the simplest, most portable solution i could find in 5 mins for linux
 int MessageBox(int handle, const char *msg, const char *title, int buttons) {
-    char cmd[1024]="";
-    //sprintf(cmd, "xmessage -center \"%s\"", msg);
-    sprintf(cmd, "gdialog --title \"%s\" --msgbox \"%s\"", title, msg);
+    char cmd[8096]="";
+    snprintf(cmd, 8096,"gdialog --title \"%s\" --msgbox \"%s\"", title, msg);

    //if(fork()==0){
        //close(1); close(2);
@@ -72,14 +71,13 @@ void exceptionMessage(const exception &excp) {
 static int getFileAndLine(char *function, void *address, char *file, size_t flen) {
        int line=-1;
        if(PlatformExceptionHandler::application_binary != "") {
-			const int maxbufSize = 8094;
+			const int maxbufSize = 8096;
 			char buf[maxbufSize+1]="";
 			//char *p=NULL;

 			// prepare command to be executed
 			// our program need to be passed after the -e parameter
-			//sprintf (buf, "/usr/bin/addr2line -C -e ./a.out -f -i %lx", addr);
-			sprintf(buf, "addr2line -C -e %s -f -i %p",PlatformExceptionHandler::application_binary.c_str(),address);
+			snprintf(buf, 8096,"addr2line -C -e %s -f -i %p",PlatformExceptionHandler::application_binary.c_str(),address);

 			FILE* f = popen (buf, "r");
 			if (f == NULL) {
@@ -224,17 +222,15 @@ string PlatformExceptionHandler::getStackTrace() {
                }
                //fprintf(out, "    %s:%s\n", stack.strings[i], function);

-                //sprintf(szBuf,"%s:%s address [%p]",stack_strings[i],function,lineAddress);
                strBuf = string(stack_strings[i]) + ":" + string(function);
-                sprintf(szBuf,"address [%p]",lineAddress);
+                snprintf(szBuf,8096,"address [%p]",lineAddress);
                strBuf += szBuf;
            }
            else {
                // didn't find the mangled name, just print the whole line
                //fprintf(out, "    %s\n", stack.strings[i]);
-                //sprintf(szBuf,"%s address [%p]",stack_strings[i],lineAddress);
            	strBuf = stack_strings[i];
-                sprintf(szBuf,"address [%p]",lineAddress);
+                snprintf(szBuf,8096,"address [%p]",lineAddress);
                strBuf += szBuf;
            }

--- a/source/shared_lib/sources/platform/win32/platform_util.cpp
+++ b/source/shared_lib/sources/platform/win32/platform_util.cpp
@@ -158,47 +158,6 @@ string PlatformExceptionHandler::getStackTrace() {
 		 return result;
 	 }
 #ifndef __MINGW32__
-/*
-	 unsigned int   i;
-	 const int max_stack_count = 25;
-     void         * stack[ max_stack_count ];
-     unsigned short frames;
-     SYMBOL_INFO  * symbol;
-     HANDLE         process;
-
-     process = GetCurrentProcess();
-
-     SymInitialize( process, NULL, TRUE );
-
-     frames               = CaptureStackBackTrace( 0, max_stack_count, stack, NULL );
-     symbol               = ( SYMBOL_INFO * )calloc( sizeof( SYMBOL_INFO ) + 256 * sizeof( char ), 1 );
-     symbol->MaxNameLen   = 255;
-     symbol->SizeOfStruct = sizeof( SYMBOL_INFO );
-
-     IMAGEHLP_LINE li = { sizeof( IMAGEHLP_LINE ) };
-
-	 char szBuf[8096]="";
-     for( i = 0; i < frames; i++ ) {
-         DWORD off=0;
-   	     DWORD dwDisp=0;
-
-         SymFromAddr( process, ( DWORD64 )( stack[ i ] ), 0, symbol );
-		 SymGetLineFromAddr(process, ( DWORD64 )( stack[ i ] ), &dwDisp, &li);
-
-        //if( SymGetSymFromAddr(GetCurrentProcess(), (DWORD)sf.AddrPC.Offset, &off, &si.sym) &&
-		//	SymGetLineFromAddr(GetCurrentProcess(), (DWORD)sf.AddrPC.Offset, &dwDisp, &li)) {
-        char *del = strrchr(li.FileName, '\\');
-        //formatstring(t)("%s - %s [%d]\n", symbol.sym.Name, del ? del + 1 : li.FileName, li.LineNumber+dwDisp);
-        //concatstring(out, t);
-        
-		 
-         //sprintf(szBuf,"%i: %s - 0x%0X\n", frames - i - 1, symbol->Name, symbol->Address );
-		 sprintf(szBuf,"%s - %s [%d]\n", symbol->Name, del ? del + 1 : li.FileName, li.LineNumber+dwDisp);
-		 result += szBuf;
-     }
-
-     free( symbol );
-*/

    CONTEXT context = { 0 };
    context.ContextFlags = CONTEXT_FULL;
@@ -245,7 +204,7 @@ string PlatformExceptionHandler::getStackTrace() {
 			// RetAddr Arg1 Arg2 Arg3 module!funtion FileName(line)+offset

 			char szBuf[8096]="";
-            sprintf(szBuf,"%08lx %08lx %08lx %08lx %s!%s %s(%lu) %+ld\n",
+            snprintf(szBuf,8096,"%08lx %08lx %08lx %08lx %s!%s %s(%lu) %+ld\n",
                   stackframe.AddrReturn.Offset,
                   stackframe.Params[0],
                   stackframe.Params[1],