String safety (#1548)

* Array size UB fixes

* Fix ShieldD

* Remove (almost) all unsafe strcpy calls

A bunch of macros. C arrays are easy enough and just need a different call. For the various cases where a bare char* is passed around, I've made a TEXT_SPAN macro that can also store a length for bounds checking.

* Move crash handling in safe string operations to separate TU

* strcat safe version

* sprintf made safe too

* Fix compile
Pieter-Jan Briers
2026-05-24 18:43:00 +02:00
committed by GitHub
parent af162bbd0a
commit a6376368ee
100 changed files with 781 additions and 546 deletions
+16 -15
@@ -5,24 +5,25 @@
#include "d/dolzel_rel.h" // IWYU pragma: keep
#include "d/actor/d_a_bg_obj.h"
#include "JSystem/J3DGraphBase/J3DMaterial.h"
#include <cstdio>
#include <os.h>
#include <cstring>
#include <os.h>
#include "JSystem/J3DGraphBase/J3DMaterial.h"
#include "SSystem/SComponent/c_math.h"
#include "d/actor/d_a_bg_obj.h"
#include "d/actor/d_a_set_bgobj.h"
#include "d/d_s_play.h"
#include "SSystem/SComponent/c_math.h"
#include "dusk/string.hpp"
static const char* getBmdName(int param_0, int param_1) {
static char l_bmdName[16];
switch (param_1) {
case 0:
sprintf(l_bmdName, "model%d.bmd", param_0);
SAFE_SPRINTF(l_bmdName, "model%d.bmd", param_0);
break;
default:
sprintf(l_bmdName, "model%d_%d.bmd", param_0, param_1);
SAFE_SPRINTF(l_bmdName, "model%d_%d.bmd", param_0, param_1);
break;
}
@@ -34,10 +35,10 @@ static const char* getBtkName(int param_0, int param_1) {
switch (param_1) {
case 0:
sprintf(l_btkName, "model%d.btk", param_0);
SAFE_SPRINTF(l_btkName, "model%d.btk", param_0);
break;
default:
sprintf(l_btkName, "model%d_%d.btk", param_0, param_1);
SAFE_SPRINTF(l_btkName, "model%d_%d.btk", param_0, param_1);
break;
}
@@ -49,10 +50,10 @@ static const char* getBrkName(int param_0, int param_1) {
switch (param_1) {
case 0:
sprintf(l_brkName, "model%d.brk", param_0);
SAFE_SPRINTF(l_brkName, "model%d.brk", param_0);
break;
default:
sprintf(l_brkName, "model%d_%d.brk", param_0, param_1);
SAFE_SPRINTF(l_brkName, "model%d_%d.brk", param_0, param_1);
break;
}
@@ -62,7 +63,7 @@ static const char* getBrkName(int param_0, int param_1) {
static const char* getDzbName(int param_0) {
static char l_dzbName[16];
sprintf(l_dzbName, "model%d.dzb", param_0);
SAFE_SPRINTF(l_dzbName, "model%d.dzb", param_0);
return l_dzbName;
}
@@ -95,12 +96,12 @@ u8* daBgObj_c::spec_data_c::initTexShareBlock(u8* i_dataPtr) {
u8* dataPos = i_dataPtr + 8;
for (; i < mTexShareNum; i++) {
strcpy(sp48, (char*)dataPos);
SAFE_STRCPY(sp48, (char*)dataPos);
int len = strlen((char*)dataPos);
dataPos += len + 1;
if (*dataPos != 0) {
strcpy(sp8, (char*)dataPos);
SAFE_STRCPY(sp8, (char*)dataPos);
dataPos += strlen((char*)dataPos) + 1;
} else if (*dataPos == 0 && dataPos[1] == 1) {
dataPos += 2;
@@ -646,14 +647,14 @@ void daBgObj_c::doShareTexture() {
u8* spec_res_name = mSpecData.mpTexShareBlock + 8;
for (int i = 0; i < mSpecData.mTexShareNum; i++) {
strcpy(res_name, (char*)spec_res_name);
SAFE_STRCPY(res_name, (char*)spec_res_name);
spec_res_name += strlen((char*)spec_res_name) + 1;
J3DModelData* modelData =
(J3DModelData*)dComIfG_getObjectRes(daSetBgObj_c::getArcName(this), res_name);
if (*spec_res_name != 0) {
strcpy(share_res_name, (char*)spec_res_name);
SAFE_STRCPY(share_res_name, (char*)spec_res_name);
spec_res_name += strlen((char*)spec_res_name) + 1;
J3DModelData* shareModelData =