String safety (#1548)

* Array size UB fixes

* Fix ShieldD

* Remove (almost) all unsafe strcpy calls

Bunch of macros. C arrays are easy enough and just need a different call. For various cases where a char* is passed around bare, I've made a TEXT_SPAN macro that can store a length too for bounds checking.

* Move crash handling in safe string operations to separate TU

* strcat safe version

* sprintf made safe too

* Fix compile
Pieter-Jan Briers
2026-05-24 18:43:00 +02:00
committed by GitHub
parent af162bbd0a
commit a6376368ee
100 changed files with 781 additions and 546 deletions
@@ -4,6 +4,7 @@
#include "JSystem/J2DGraph/J2DMaterial.h"
#include "JSystem/J2DGraph/J2DPane.h"
#include "dusk/endian.h"
#include "dusk/string.hpp"
class J2DMaterial;
class JUTFont;
@@ -98,7 +99,8 @@ public:
void initiate(ResFONT const*, char const*, s16, J2DTextBoxHBinding,
J2DTextBoxVBinding);
void private_readStream(J2DPane*, JSURandomInputStream*, JKRArchive*);
char* getStringPtr() const;
TEXT_SPAN getStringPtr() const;
dusk::TextSpan getSpan() const;
s32 setString(s16, char const*, ...);
s32 setString(char const*, ...);
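Review bot: `getStringPtr()` keeps a name that promises a pointer but is now declared as `TEXT_SPAN getStringPtr() const;`, right beside the new `dusk::TextSpan getSpan() const;`, and nothing in the declarations says how the two differ or which one callers should prefer. Please add a short comment on each stating what length the span carries (buffer capacity or current string length), and consider renaming `getStringPtr()` or dropping it in favour of `getSpan()` so the macro return type does not hide the change from callers that previously treated the result as a bare `char*`. The variadic `setString(char const*, ...)` overloads below are unchanged context here, so it is worth confirming in their definitions that the formatted write is bounded by the same span length.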