From 9a33f5bfb221170e823efd3c33ab5d331baf7c74 Mon Sep 17 00:00:00 2001 From: dholland Date: Sun, 7 Jun 2009 20:13:18 +0000 Subject: [PATCH] sprintf -> snprintf, plus some use of strlcpy/strlcat where appropriate XXX: there's still one sprintf left which will take some hacking to expunge. --- hack/extern.h | 4 +- hack/hack.do_name.c | 18 ++--- hack/hack.eat.c | 7 +- hack/hack.end.c | 122 +++++++++++++++++++----------- hack/hack.fight.c | 9 ++- hack/hack.invent.c | 8 +- hack/hack.main.c | 6 +- hack/hack.objnam.c | 178 ++++++++++++++++++++++++++------------------ hack/hack.options.c | 25 ++++--- hack/hack.pri.c | 42 +++++++---- hack/hack.rip.c | 10 +-- hack/hack.shk.c | 12 +-- hack/hack.topl.c | 8 +- hack/hack.unix.c | 6 +- 14 files changed, 274 insertions(+), 181 deletions(-) diff --git a/hack/extern.h b/hack/extern.h index 18cd2540..cb1de38e 100644 --- a/hack/extern.h +++ b/hack/extern.h @@ -1,4 +1,4 @@ -/* $NetBSD: extern.h,v 1.10 2009/05/06 02:59:12 ginsbach Exp $ */ +/* $NetBSD: extern.h,v 1.11 2009/06/07 20:13:18 dholland Exp $ */ /*- * Copyright (c) 1997 The NetBSD Foundation, Inc. @@ -356,7 +356,7 @@ char *sitoa(int); char *typename(int); char *xname(struct obj *); char *doname(struct obj *); -void setan(const char *, char *); +void setan(const char *, char *, size_t); char *aobjnam(struct obj *, const char *); char *Doname(struct obj *); struct obj *readobjnam(char *); diff --git a/hack/hack.do_name.c b/hack/hack.do_name.c index e29e4d20..21ee4275 100644 --- a/hack/hack.do_name.c +++ b/hack/hack.do_name.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.do_name.c,v 1.8 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.do_name.c,v 1.9 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.do_name.c,v 1.8 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.do_name.c,v 1.9 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -268,7 +268,7 @@ xmonnam(struct monst *mtmp, int vb) { static char buf[BUFSZ]; /* %% */ if (mtmp->mnamelth && !vb) { - (void) strcpy(buf, NAME(mtmp)); + (void) strlcpy(buf, NAME(mtmp), sizeof(buf)); return (buf); } switch (mtmp->data->mlet) { @@ -281,23 +281,23 @@ xmonnam(struct monst *mtmp, int vb) (void) strcpy((char *) mtmp->mextra, !rn2(5) ? plname : gn); } - (void) sprintf(buf, "%s's ghost", gn); + (void) snprintf(buf, sizeof(buf), "%s's ghost", gn); } break; case '@': if (mtmp->isshk) { - (void) strcpy(buf, shkname(mtmp)); + (void) strlcpy(buf, shkname(mtmp), sizeof(buf)); break; } /* fall into next case */ default: - (void) sprintf(buf, "the %s%s", + (void) snprintf(buf, sizeof(buf), "the %s%s", mtmp->minvis ? "invisible " : "", mtmp->data->mname); } if (vb && mtmp->mnamelth) { - (void) strcat(buf, " called "); - (void) strcat(buf, NAME(mtmp)); + (void) strlcat(buf, " called ", sizeof(buf)); + (void) strlcat(buf, NAME(mtmp), sizeof(buf)); } return (buf); } @@ -331,7 +331,7 @@ amonnam(struct monst *mtmp, const char *adj) if (!strncmp(bp, "the ", 4)) bp += 4; - (void) sprintf(buf, "the %s %s", adj, bp); + (void) snprintf(buf, sizeof(buf), "the %s %s", adj, bp); return (buf); } diff --git a/hack/hack.eat.c b/hack/hack.eat.c index 9cd24b22..b0c01f34 100644 --- a/hack/hack.eat.c +++ b/hack/hack.eat.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.eat.c,v 1.7 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.eat.c,v 1.8 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.eat.c,v 1.7 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.eat.c,v 1.8 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include "hack.h" @@ -330,7 +330,8 @@ gotit: eatx: if (multi < 0 && !nomovemsg) { static char msgbuf[BUFSZ]; - (void) sprintf(msgbuf, "You finished eating the %s.", + (void) snprintf(msgbuf, sizeof(msgbuf), + "You finished eating the %s.", ftmp->oc_name); nomovemsg = msgbuf; } diff --git a/hack/hack.end.c b/hack/hack.end.c index bb9f59e9..f2fcf0de 100644 --- a/hack/hack.end.c +++ b/hack/hack.end.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.end.c,v 1.11 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.end.c,v 1.12 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.end.c,v 1.11 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.end.c,v 1.12 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -71,7 +71,7 @@ __RCSID("$NetBSD: hack.end.c,v 1.11 2009/06/07 18:30:39 dholland Exp $"); #include #include "hack.h" #include "extern.h" -#define Sprintf (void) sprintf +#define Snprintf (void) snprintf xchar maxdlevel = 1; @@ -127,14 +127,15 @@ done_in_by(struct monst *mtmp) static char buf[BUFSZ]; pline("You die ..."); if (mtmp->data->mlet == ' ') { - Sprintf(buf, "the ghost of %s", (char *) mtmp->mextra); + Snprintf(buf, sizeof(buf), + "the ghost of %s", (char *) mtmp->mextra); killer = buf; } else if (mtmp->mnamelth) { - Sprintf(buf, "%s called %s", + Snprintf(buf, sizeof(buf), "%s called %s", mtmp->data->mname, NAME(mtmp)); killer = buf; } else if (mtmp->minvis) { - Sprintf(buf, "invisible %s", mtmp->data->mname); + Snprintf(buf, sizeof(buf), "invisible %s", mtmp->data->mname); killer = buf; } else killer = mtmp->data->mname; @@ -490,92 +491,127 @@ outheader(void) puts(linebuf); } -/* so>0: standout line; so=0: ordinary line; so<0: no output, return lth */ +/* so>0: standout line; so=0: ordinary line; so<0: no output, return length */ int outentry(int rank, struct toptenentry *t1, int so) { boolean quit = FALSE, gotkilled = FALSE, starv = FALSE; char linebuf[BUFSZ]; + size_t pos; + + linebuf[0] = '\0'; + pos = 0; - linebuf[0] = 0; if (rank) - Sprintf(eos(linebuf), "%3d", rank); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, "%3d", rank); else - Sprintf(eos(linebuf), " "); - Sprintf(eos(linebuf), " %6ld %8s", t1->points, t1->name); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, " "); + pos = strlen(linebuf); + + Snprintf(linebuf+pos, sizeof(linebuf)-pos, " %6ld %8s", + t1->points, t1->name); + pos = strlen(linebuf); + if (t1->plchar == 'X') - Sprintf(eos(linebuf), " "); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, " "); else - Sprintf(eos(linebuf), "-%c ", t1->plchar); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, "-%c ", t1->plchar); + pos = strlen(linebuf); + if (!strncmp("escaped", t1->death, 7)) { if (!strcmp(" (with amulet)", t1->death + 7)) - Sprintf(eos(linebuf), "escaped the dungeon with amulet"); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "escaped the dungeon with amulet"); else - Sprintf(eos(linebuf), "escaped the dungeon [max level %d]", + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "escaped the dungeon [max level %d]", t1->maxlvl); + pos = strlen(linebuf); } else { if (!strncmp(t1->death, "quit", 4)) { quit = TRUE; if (t1->maxhp < 3 * t1->hp && t1->maxlvl < 4) - Sprintf(eos(linebuf), "cravenly gave up"); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "cravenly gave up"); else - Sprintf(eos(linebuf), "quit"); - } else if (!strcmp(t1->death, "choked")) - Sprintf(eos(linebuf), "choked on %s food", + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "quit"); + } else if (!strcmp(t1->death, "choked")) { + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "choked on %s food", (t1->sex == 'F') ? "her" : "his"); - else if (!strncmp(t1->death, "starv", 5)) - Sprintf(eos(linebuf), "starved to death"), starv = TRUE; - else - Sprintf(eos(linebuf), "was killed"), gotkilled = TRUE; - Sprintf(eos(linebuf), " on%s level %d", + } else if (!strncmp(t1->death, "starv", 5)) { + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "starved to death"); + starv = TRUE; + } else { + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "was killed"); + gotkilled = TRUE; + } + pos = strlen(linebuf); + + Snprintf(linebuf+pos, sizeof(linebuf)-pos, " on%s level %d", (gotkilled || starv) ? "" : " dungeon", t1->level); + pos = strlen(linebuf); + if (t1->maxlvl != t1->level) - Sprintf(eos(linebuf), " [max %d]", t1->maxlvl); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + " [max %d]", t1->maxlvl); + pos = strlen(linebuf); + if (quit && t1->death[4]) - Sprintf(eos(linebuf), t1->death + 4); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + "%s", t1->death + 4); + pos = strlen(linebuf); } - if (gotkilled) - Sprintf(eos(linebuf), " by %s%s", + if (gotkilled) { + Snprintf(linebuf+pos, sizeof(linebuf)-pos, " by %s%s", (!strncmp(t1->death, "trick", 5) || !strncmp(t1->death, "the ", 4)) ? "" : strchr(vowels, *t1->death) ? "an " : "a ", t1->death); - Sprintf(eos(linebuf), "."); + pos = strlen(linebuf); + } + strlcat(linebuf, ".", sizeof(linebuf)); + pos = strlen(linebuf); if (t1->maxhp) { - char *bp = eos(linebuf); char hpbuf[10]; - int hppos; - Sprintf(hpbuf, (t1->hp > 0) ? itoa(t1->hp) : "-"); + unsigned hppos; + + strlcpy(hpbuf, (t1->hp > 0) ? itoa(t1->hp) : "-", sizeof(hpbuf)); hppos = COLNO - 7 - strlen(hpbuf); - if (bp <= linebuf + hppos) { - while (bp < linebuf + hppos) - *bp++ = ' '; - (void) strcpy(bp, hpbuf); - Sprintf(eos(bp), " [%d]", t1->maxhp); + if (pos <= hppos) { + while (pos < hppos) + linebuf[pos++] = ' '; + (void) strlcpy(linebuf+pos, hpbuf, sizeof(linebuf)-pos); + pos = strlen(linebuf); + Snprintf(linebuf+pos, sizeof(linebuf)-pos, + " [%d]", t1->maxhp); + pos = strlen(linebuf); } } if (so == 0) puts(linebuf); else if (so > 0) { - char *bp = eos(linebuf); if (so >= COLNO) so = COLNO - 1; - while (bp < linebuf + so) - *bp++ = ' '; - *bp = 0; + while (pos < (unsigned)so) + linebuf[pos++] = ' '; + linebuf[pos] = '\0'; standoutbeg(); fputs(linebuf, stdout); standoutend(); (void) putchar('\n'); } - return (strlen(linebuf)); + return /*(strlen(linebuf))*/ pos; } char * itoa(int a) { static char buf[12]; - Sprintf(buf, "%d", a); + Snprintf(buf, sizeof(buf), "%d", a); return (buf); } diff --git a/hack/hack.fight.c b/hack/hack.fight.c index 9d490408..33dd6010 100644 --- a/hack/hack.fight.c +++ b/hack/hack.fight.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.fight.c,v 1.9 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.fight.c,v 1.10 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.fight.c,v 1.9 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.fight.c,v 1.10 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include "hack.h" @@ -101,7 +101,7 @@ hitmm(struct monst *magr, struct monst *mdef) seemimic(mdef); if (magr->mimic) seemimic(magr); - (void) sprintf(buf, "%s %s", Monnam(magr), + (void) snprintf(buf, sizeof(buf), "%s %s", Monnam(magr), didhit ? "hits" : "misses"); pline("%s %s.", buf, monnam(mdef)); } else { @@ -191,7 +191,8 @@ int thitu(int tlev, int dam, const char *name) { char buf[BUFSZ]; - setan(name, buf); + + setan(name, buf, sizeof(buf)); if (u.uac + tlev <= rnd(20)) { if (Blind) pline("It misses."); diff --git a/hack/hack.invent.c b/hack/hack.invent.c index 6bb41c0f..8b1e7cc8 100644 --- a/hack/hack.invent.c +++ b/hack/hack.invent.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.invent.c,v 1.11 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.invent.c,v 1.12 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.invent.c,v 1.11 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.invent.c,v 1.12 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -703,7 +703,7 @@ xprname(struct obj *obj, char let) { static char li[BUFSZ]; - (void) sprintf(li, "%c - %s.", + (void) snprintf(li, sizeof(li), "%c - %s.", flags.invlet_constant ? obj->invlet : let, doname(obj)); return (li); @@ -866,7 +866,7 @@ dolook(void) if (gold) { char gbuf[30]; - (void) sprintf(gbuf, "%ld gold piece%s", + (void) snprintf(gbuf, sizeof(gbuf), "%ld gold piece%s", gold->amount, plur(gold->amount)); if (!ct++) pline("You %s here %s.", verb, gbuf); diff --git a/hack/hack.main.c b/hack/hack.main.c index be76bc55..28eec738 100644 --- a/hack/hack.main.c +++ b/hack/hack.main.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.main.c,v 1.11 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.main.c,v 1.12 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.main.c,v 1.11 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.main.c,v 1.12 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -306,7 +306,7 @@ main(int argc, char *argv[]) } #endif setftty(); - (void) sprintf(SAVEF, "save/%d%s", getuid(), plname); + (void) snprintf(SAVEF, sizeof(SAVEF), "save/%d%s", getuid(), plname); regularize(SAVEF + 5); /* avoid . or / in name */ if ((fd = open(SAVEF, O_RDONLY)) >= 0 && (uptodate(fd) || unlink(SAVEF) == 666)) { diff --git a/hack/hack.objnam.c b/hack/hack.objnam.c index f7857918..d2123e45 100644 --- a/hack/hack.objnam.c +++ b/hack/hack.objnam.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.objnam.c,v 1.8 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.objnam.c,v 1.9 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,13 +63,13 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.objnam.c,v 1.8 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.objnam.c,v 1.9 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include #include "hack.h" #include "extern.h" -#define Sprintf (void) sprintf +#define Snprintf (void) snprintf #define Strcat (void) strcat #define Strcpy (void) strcpy #define PREFIX 15 @@ -91,7 +91,7 @@ char * sitoa(int a) { static char buf[13]; - Sprintf(buf, (a < 0) ? "%d" : "+%d", a); + Snprintf(buf, sizeof(buf), (a < 0) ? "%d" : "+%d", a); return (buf); } @@ -99,6 +99,7 @@ char * typename(int otyp) { static char buf[BUFSZ]; + size_t bufpos; struct objclass *ocl = &objects[otyp]; const char *an = ocl->oc_name; const char *dn = ocl->oc_descr; @@ -122,26 +123,42 @@ typename(int otyp) Strcpy(buf, an); if (otyp >= TURQUOISE && otyp <= JADE) Strcat(buf, " stone"); - if (un) - Sprintf(eos(buf), " called %s", un); - if (dn) - Sprintf(eos(buf), " (%s)", dn); + if (un) { + bufpos = strlen(buf); + Snprintf(buf+bufpos, sizeof(buf)-bufpos, + " called %s", un); + } + if (dn) { + bufpos = strlen(buf); + Snprintf(buf+bufpos, sizeof(buf)-bufpos, + " (%s)", dn); + } } else { - Strcpy(buf, dn ? dn : an); - if (ocl->oc_olet == GEM_SYM) - Strcat(buf, " gem"); - if (un) - Sprintf(eos(buf), " called %s", un); + strlcpy(buf, dn ? dn : an, sizeof(buf)); + if (ocl->oc_olet == GEM_SYM) { + strlcat(buf, " gem", sizeof(buf)); + } + if (un) { + bufpos = strlen(buf); + Snprintf(buf+bufpos, sizeof(buf)-bufpos, + " called %s", un); + } } return (buf); } /* here for ring/scroll/potion/wand */ - if (nn) - Sprintf(eos(buf), " of %s", an); - if (un) - Sprintf(eos(buf), " called %s", un); - if (dn) - Sprintf(eos(buf), " (%s)", dn); + if (nn) { + bufpos = strlen(buf); + Snprintf(buf+bufpos, sizeof(buf)-bufpos, " of %s", an); + } + if (un) { + bufpos = strlen(buf); + Snprintf(buf+bufpos, sizeof(buf)-bufpos, " called %s", un); + } + if (dn) { + bufpos = strlen(buf); + Snprintf(buf+bufpos, sizeof(buf)-bufpos, " (%s)", dn); + } return (buf); } @@ -149,12 +166,15 @@ char * xname(struct obj *obj) { static char bufr[BUFSZ]; + /* caution: doname() and aobjnam() below "know" these sizes */ char *buf = &(bufr[PREFIX]); /* leave room for "17 -3 " */ + size_t bufmax = sizeof(bufr) - PREFIX; int nn = objects[obj->otyp].oc_name_known; const char *an = objects[obj->otyp].oc_name; const char *dn = objects[obj->otyp].oc_descr; char *un = objects[obj->otyp].oc_uname; int pl = (obj->quan != 1); + if (!obj->dknown && !Blind) obj->dknown = 1;/* %% doesnt belong here */ switch (obj->olet) { @@ -165,10 +185,10 @@ xname(struct obj *obj) break; case TOOL_SYM: if (!nn) { - Strcpy(buf, dn); + strlcpy(buf, dn, bufmax); break; } - Strcpy(buf, an); + strlcpy(buf, an, bufmax); break; case FOOD_SYM: if (obj->otyp == DEAD_HOMUNCULUS && pl) { @@ -193,10 +213,10 @@ xname(struct obj *obj) case ARMOR_SYM: case CHAIN_SYM: case ROCK_SYM: - Strcpy(buf, an); + strlcpy(buf, an, bufmax); break; case BALL_SYM: - Sprintf(buf, "%sheavy iron ball", + Snprintf(buf, bufmax, "%sheavy iron ball", (obj->owt > objects[obj->otyp].oc_weight) ? "very " : ""); break; case POTION_SYM: @@ -210,14 +230,14 @@ xname(struct obj *obj) break; if (un) { Strcat(buf, " called "); - Strcat(buf, un); + strlcat(buf, un, bufmax); } else { Strcat(buf, " of "); - Strcat(buf, an); + strlcat(buf, an, bufmax); } } else { - Strcpy(buf, dn); - Strcat(buf, " potion"); + strlcpy(buf, dn, bufmax); + strlcat(buf, " potion", bufmax); } break; case SCROLL_SYM: @@ -230,34 +250,34 @@ xname(struct obj *obj) break; if (nn) { Strcat(buf, " of "); - Strcat(buf, an); + strlcat(buf, an, bufmax); } else if (un) { Strcat(buf, " called "); - Strcat(buf, un); + strlcat(buf, un, bufmax); } else { Strcat(buf, " labeled "); - Strcat(buf, dn); + strlcat(buf, dn, bufmax); } break; case WAND_SYM: if (!obj->dknown) - Sprintf(buf, "wand"); + Snprintf(buf, bufmax, "wand"); else if (nn) - Sprintf(buf, "wand of %s", an); + Snprintf(buf, bufmax, "wand of %s", an); else if (un) - Sprintf(buf, "wand called %s", un); + Snprintf(buf, bufmax, "wand called %s", un); else - Sprintf(buf, "%s wand", dn); + Snprintf(buf, bufmax, "%s wand", dn); break; case RING_SYM: if (!obj->dknown) - Sprintf(buf, "ring"); + Snprintf(buf, bufmax, "ring"); else if (nn) - Sprintf(buf, "ring of %s", an); + Snprintf(buf, bufmax, "ring of %s", an); else if (un) - Sprintf(buf, "ring called %s", un); + Snprintf(buf, bufmax, "ring called %s", un); else - Sprintf(buf, "%s ring", dn); + Snprintf(buf, bufmax, "%s ring", dn); break; case GEM_SYM: if (!obj->dknown) { @@ -265,15 +285,15 @@ xname(struct obj *obj) break; } if (!nn) { - Sprintf(buf, "%s gem", dn); + Snprintf(buf, bufmax, "%s gem", dn); break; } - Strcpy(buf, an); + strlcpy(buf, an, bufmax); if (obj->otyp >= TURQUOISE && obj->otyp <= JADE) - Strcat(buf, " stone"); + strlcat(buf, " stone", bufmax); break; default: - Sprintf(buf, "glorkum %c (0%o) %u %d", + Snprintf(buf, bufmax, "glorkum %c (0%o) %u %d", obj->olet, obj->olet, obj->otyp, obj->spe); } if (pl) { @@ -294,17 +314,21 @@ xname(struct obj *obj) } p = eos(buf) - 1; if (*p == 's' || *p == 'z' || *p == 'x' || - (*p == 'h' && p[-1] == 's')) - Strcat(buf, "es"); /* boxes */ - else if (*p == 'y' && !strchr(vowels, p[-1])) - Strcpy(p, "ies"); /* rubies, zruties */ - else - Strcat(buf, "s"); + (*p == 'h' && p[-1] == 's')) { + /* boxes */ + strlcat(buf, "es", bufmax); + } else if (*p == 'y' && !strchr(vowels, p[-1])) { + /* rubies, zruties */ + *p = '\0'; + strlcat(buf, "ies", bufmax); + } else { + strlcat(buf, "s", bufmax); + } } nopl: if (obj->onamelth) { - Strcat(buf, " named "); - Strcat(buf, ONAME(obj)); + strlcat(buf, " named ", bufmax); + strlcat(buf, ONAME(obj), bufmax); } return (buf); } @@ -314,8 +338,13 @@ doname(struct obj *obj) { char prefix[PREFIX]; char *bp = xname(obj); + size_t bppos, bpmax; + + /* XXX do this better somehow w/o knowing internals of xname() */ + bpmax = BUFSZ - PREFIX; + if (obj->quan != 1) - Sprintf(prefix, "%u ", obj->quan); + Snprintf(prefix, sizeof(prefix), "%u ", obj->quan); else Strcpy(prefix, "a "); switch (obj->olet) { @@ -325,33 +354,35 @@ doname(struct obj *obj) break; case ARMOR_SYM: if (obj->owornmask & W_ARMOR) - Strcat(bp, " (being worn)"); + strlcat(bp, " (being worn)", bpmax); /* fall into next case */ case WEAPON_SYM: if (obj->known) { - Strcat(prefix, sitoa(obj->spe)); - Strcat(prefix, " "); + strlcat(prefix, sitoa(obj->spe), sizeof(prefix)); + strlcat(prefix, " ", sizeof(prefix)); } break; case WAND_SYM: - if (obj->known) - Sprintf(eos(bp), " (%d)", obj->spe); + if (obj->known) { + bppos = strlen(bp); + Snprintf(bp+bppos, bpmax-bppos, " (%d)", obj->spe); + } break; case RING_SYM: if (obj->owornmask & W_RINGR) - Strcat(bp, " (on right hand)"); + strlcat(bp, " (on right hand)", bpmax); if (obj->owornmask & W_RINGL) - Strcat(bp, " (on left hand)"); + strlcat(bp, " (on left hand)", bpmax); if (obj->known && (objects[obj->otyp].bits & SPEC)) { - Strcat(prefix, sitoa(obj->spe)); - Strcat(prefix, " "); + strlcat(prefix, sitoa(obj->spe), sizeof(prefix)); + strlcat(prefix, " ", sizeof(prefix)); } break; } if (obj->owornmask & W_WEP) - Strcat(bp, " (weapon in hand)"); + strlcat(bp, " (weapon in hand)", bpmax); if (obj->unpaid) - Strcat(bp, " (unpaid)"); + strlcat(bp, " (unpaid)", bpmax); if (!strcmp(prefix, "a ") && strchr(vowels, *bp)) Strcpy(prefix, "an "); bp = strprepend(bp, prefix); @@ -360,12 +391,12 @@ doname(struct obj *obj) /* used only in hack.fight.c (thitu) */ void -setan(const char *str, char *buf) +setan(const char *str, char *buf, size_t bufmax) { if (strchr(vowels, *str)) - Sprintf(buf, "an %s", str); + Snprintf(buf, bufmax, "an %s", str); else - Sprintf(buf, "a %s", str); + Snprintf(buf, bufmax, "a %s", str); } char * @@ -373,20 +404,25 @@ aobjnam(struct obj *otmp, const char *verb) { char *bp = xname(otmp); char prefix[PREFIX]; + size_t bpmax; + + /* XXX do this better somehow w/o knowing internals of xname() */ + bpmax = BUFSZ - PREFIX; + if (otmp->quan != 1) { - Sprintf(prefix, "%u ", otmp->quan); + Snprintf(prefix, sizeof(prefix), "%u ", otmp->quan); bp = strprepend(bp, prefix); } if (verb) { /* verb is given in plural (i.e., without trailing s) */ - Strcat(bp, " "); + strlcat(bp, " ", bpmax); if (otmp->quan != 1) - Strcat(bp, verb); + strlcat(bp, verb, bpmax); else if (!strcmp(verb, "are")) - Strcat(bp, "is"); + strlcat(bp, "is", bpmax); else { - Strcat(bp, verb); - Strcat(bp, "s"); + strlcat(bp, verb, bpmax); + strlcat(bp, "s", bpmax); } } return (bp); diff --git a/hack/hack.options.c b/hack/hack.options.c index b03454aa..e01a0d04 100644 --- a/hack/hack.options.c +++ b/hack/hack.options.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.options.c,v 1.8 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.options.c,v 1.9 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.options.c,v 1.8 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.options.c,v 1.9 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -237,7 +237,8 @@ bad: int doset(void) { - char buf[BUFSZ]; + char buf[BUFSZ]; + size_t pos; pline("What options do you want to set? "); getlin(buf); @@ -245,22 +246,24 @@ doset(void) (void) strcpy(buf, "HACKOPTIONS="); (void) strcat(buf, flags.female ? "female," : "male,"); if (flags.standout) - (void) strcat(buf, "standout,"); + (void) strlcat(buf, "standout,", sizeof(buf)); if (flags.nonull) - (void) strcat(buf, "nonull,"); + (void) strlcat(buf, "nonull,", sizeof(buf)); if (flags.nonews) - (void) strcat(buf, "nonews,"); + (void) strlcat(buf, "nonews,", sizeof(buf)); if (flags.time) - (void) strcat(buf, "time,"); + (void) strlcat(buf, "time,", sizeof(buf)); if (flags.notombstone) - (void) strcat(buf, "notombstone,"); + (void) strlcat(buf, "notombstone,", sizeof(buf)); if (flags.no_rest_on_space) - (void) strcat(buf, "!rest_on_space,"); + (void) strlcat(buf, "!rest_on_space,", sizeof(buf)); if (flags.end_top != 5 || flags.end_around != 4 || flags.end_own) { - (void) sprintf(eos(buf), "endgame: %u topscores/%u around me", + pos = strlen(buf); + (void) snprintf(buf+pos, sizeof(buf)-pos, + "endgame: %u topscores/%u around me", flags.end_top, flags.end_around); if (flags.end_own) - (void) strcat(buf, "/own scores"); + (void) strlcat(buf, "/own scores", sizeof(buf)); } else { char *eop = eos(buf); if (*--eop == ',') diff --git a/hack/hack.pri.c b/hack/hack.pri.c index 52c768af..17c70f1e 100644 --- a/hack/hack.pri.c +++ b/hack/hack.pri.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.pri.c,v 1.10 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.pri.c,v 1.11 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.pri.c,v 1.10 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.pri.c,v 1.11 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include "hack.h" @@ -712,33 +712,47 @@ bot(void) { char *ob = oldbot, *nb = newbot; int i; + size_t pos; + if (flags.botlx) *ob = 0; flags.botl = flags.botlx = 0; #ifdef GOLD_ON_BOTL - (void) sprintf(newbot, + (void) snprintf(newbot, sizeof(newbot), "Level %-2d Gold %-5lu Hp %3d(%d) Ac %-2d Str ", dlevel, u.ugold, u.uhp, u.uhpmax, u.uac); #else - (void) sprintf(newbot, + (void) snprintf(newbot, sizeof(newbot), "Level %-2d Hp %3d(%d) Ac %-2d Str ", dlevel, u.uhp, u.uhpmax, u.uac); #endif /* GOLD_ON_BOTL */ if (u.ustr > 18) { if (u.ustr > 117) - (void) strcat(newbot, "18/**"); - else - (void) sprintf(eos(newbot), "18/%02d", u.ustr - 18); - } else - (void) sprintf(eos(newbot), "%-2d ", u.ustr); + (void) strlcat(newbot, "18/**", sizeof(newbot)); + else { + pos = strlen(newbot); + (void) snprintf(newbot+pos, sizeof(newbot)-pos, + "18/%02d", u.ustr - 18); + } + } else { + pos = strlen(newbot); + (void) snprintf(newbot+pos, sizeof(newbot)-pos, + "%-2d ", u.ustr); + } + pos = strlen(newbot); #ifdef EXP_ON_BOTL - (void) sprintf(eos(newbot), " Exp %2d/%-5lu ", u.ulevel, u.uexp); + (void) snprintf(newbot+pos, sizeof(newbot)-pos, + " Exp %2d/%-5lu ", u.ulevel, u.uexp); #else - (void) sprintf(eos(newbot), " Exp %2u ", u.ulevel); + (void) snprintf(newbot+pos, sizeof(newbot)-pos, + " Exp %2u ", u.ulevel); #endif /* EXP_ON_BOTL */ - (void) strcat(newbot, hu_stat[u.uhs]); - if (flags.time) - (void) sprintf(eos(newbot), " %ld", moves); + (void) strlcat(newbot, hu_stat[u.uhs], sizeof(newbot)); + if (flags.time) { + pos = strlen(newbot); + (void) snprintf(newbot+pos, sizeof(newbot)-pos, + " %ld", moves); + } if (strlen(newbot) >= COLNO) { char *bp0, *bp1; bp0 = bp1 = newbot; diff --git a/hack/hack.rip.c b/hack/hack.rip.c index 575aa02d..a27735ee 100644 --- a/hack/hack.rip.c +++ b/hack/hack.rip.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.rip.c,v 1.9 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.rip.c,v 1.10 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.rip.c,v 1.9 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.rip.c,v 1.10 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include "hack.h" @@ -94,9 +94,9 @@ outrip(void) (void) strcpy(buf, plname); buf[16] = 0; center(6, buf); - (void) sprintf(buf, "%ld AU", u.ugold); + (void) snprintf(buf, sizeof(buf), "%ld AU", u.ugold); center(7, buf); - (void) sprintf(buf, "killed by%s", + (void) snprintf(buf, sizeof(buf), "killed by%s", !strncmp(killer, "the ", 4) ? "" : !strcmp(killer, "starvation") ? "" : strchr(vowels, *killer) ? " an" : " a"); @@ -118,7 +118,7 @@ outrip(void) center(9, buf); center(10, buf + i1); } - (void) sprintf(buf, "%4d", getyear()); + (void) snprintf(buf, sizeof(buf), "%4d", getyear()); center(11, buf); puts(ripbot); getret(); diff --git a/hack/hack.shk.c b/hack/hack.shk.c index c24ecdc4..356a37f1 100644 --- a/hack/hack.shk.c +++ b/hack/hack.shk.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.shk.c,v 1.9 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.shk.c,v 1.10 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.shk.c,v 1.9 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.shk.c,v 1.10 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -816,17 +816,19 @@ doinvbill(int mode) thisused = bp->price * uquan; totused += thisused; obj->quan = uquan; /* cheat doname */ - (void) sprintf(buf, "x - %s", doname(obj)); + (void) snprintf(buf, sizeof(buf), + "x - %s", doname(obj)); obj->quan = oquan; /* restore value */ for (cnt = 0; buf[cnt]; cnt++); while (cnt < 50) buf[cnt++] = ' '; - (void) sprintf(&buf[cnt], " %5ld zorkmids", thisused); + (void) snprintf(buf+cnt, sizeof(buf)-cnt, + " %5ld zorkmids", thisused); if (page_line(buf)) goto quit; } } - (void) sprintf(buf, "Total:%50ld zorkmids", totused); + (void) snprintf(buf, sizeof(buf), "Total:%50ld zorkmids", totused); if (page_line("") || page_line(buf)) goto quit; set_pager(1); diff --git a/hack/hack.topl.c b/hack/hack.topl.c index a9550c8f..80962902 100644 --- a/hack/hack.topl.c +++ b/hack/hack.topl.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.topl.c,v 1.9 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.topl.c,v 1.10 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.topl.c,v 1.9 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.topl.c,v 1.10 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ #include @@ -217,9 +217,9 @@ vpline(const char *line, va_list ap) if (!line || !*line) return; if (!strchr(line, '%')) - (void) strcpy(pbuf, line); + (void) strlcpy(pbuf, line, sizeof(pbuf)); else - (void) vsprintf(pbuf, line, ap); + (void) vsnprintf(pbuf, sizeof(pbuf), line, ap); if (flags.toplin == 1 && !strcmp(pbuf, toplines)) return; nscr(); /* %% */ diff --git a/hack/hack.unix.c b/hack/hack.unix.c index 23425ef5..11cd9392 100644 --- a/hack/hack.unix.c +++ b/hack/hack.unix.c @@ -1,4 +1,4 @@ -/* $NetBSD: hack.unix.c,v 1.11 2009/06/07 18:30:39 dholland Exp $ */ +/* $NetBSD: hack.unix.c,v 1.12 2009/06/07 20:13:18 dholland Exp $ */ /* * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica, @@ -63,7 +63,7 @@ #include #ifndef lint -__RCSID("$NetBSD: hack.unix.c,v 1.11 2009/06/07 18:30:39 dholland Exp $"); +__RCSID("$NetBSD: hack.unix.c,v 1.12 2009/06/07 20:13:18 dholland Exp $"); #endif /* not lint */ /* This file collects some Unix dependencies; hack.pager.c contains some more */ @@ -123,7 +123,7 @@ getdatestr(void) static char datestr[7]; struct tm *lt = getlt(); - (void) sprintf(datestr, "%02d%02d%02d", + (void) snprintf(datestr, sizeof(datestr), "%02d%02d%02d", lt->tm_year % 100, lt->tm_mon + 1, lt->tm_mday); return (datestr); } -- 2.47.1