Fix clang-analyzer-security.insecureAPI.strcpy

/media/ddnet/src/engine/server/sql_string_helpers.cpp:74:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
def 2020-10-12 18:31:55 +02:00
parent 98d4baabed
commit 0867424749
3 changed files with 9 additions and 9 deletions


@ -40,7 +40,7 @@ int sqlstr::EscapeLike(char *pDst, const char *pSrc, int DstSize)
return DstPos;
}
void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString, int Size)
{
char aBuf[20];
int aTimes[7] =
@ -71,7 +71,7 @@ void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
for(i = 0; i < 7; i++)
{
Seconds = aTimes[i];
strcpy(aName, aaNames[i]);
str_copy(aName, aaNames[i], sizeof(aName));
Count = floor((float)AgoTime / (float)Seconds);
if(Count != 0)
@ -88,14 +88,14 @@ void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
{
str_format(aBuf, sizeof(aBuf), "%d %ss", Count, aName);
}
strcat(pAgoString, aBuf);
str_append(pAgoString, aBuf, Size);
if(i + 1 < 7)
{
// getting second piece now
int Seconds2 = aTimes[i + 1];
char aName2[6];
strcpy(aName2, aaNames[i + 1]);
str_copy(aName2, aaNames[i + 1], sizeof(aName2));
// add second piece if it's greater than 0
int Count2 = floor((float)(AgoTime - (Seconds * Count)) / (float)Seconds2);
@ -110,7 +110,7 @@ void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
{
str_format(aBuf, sizeof(aBuf), " and %d %ss", Count2, aName2);
}
strcat(pAgoString, aBuf);
str_append(pAgoString, aBuf, Size);
}
}
}
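Review bot: The bounded copies into `aName` and `aName2` now truncate silently instead of overflowing, but in the visible lines neither buffer is modified after the copy, so the copies look avoidable. `const char *pName = aaNames[i];` and `const char *pName2 = aaNames[i + 1];` would remove the fixed-size buffers and the `char aName2[6]` size assumption altogether. The declarations of `aName` and `aaNames` and parts of the loop body are outside the hunks, so this assumes nothing there writes to the copies.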


@ -8,7 +8,7 @@ void FuzzyString(char *pString, int size);
// written number of added bytes
int EscapeLike(char *pDst, const char *pSrc, int DstSize);
void AgoTimeToString(int agoTime, char *pAgoString);
void AgoTimeToString(int agoTime, char *pAgoString, int Size);
} // namespace sqlstr
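Review bot: The new `Size` parameter is undocumented at the declaration, and the function's contract is not obvious from the signature. The definition only ever appends to `pAgoString` with `str_append`, so it appears to rely on the caller passing an already terminated string. A comment would make that explicit: `// appends a human-readable duration to pAgoString, which must already hold a terminated string; Size is the total size of that buffer in bytes, longer output is truncated`. The declaration also spells the first parameter `agoTime` while the definition uses `AgoTime`.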


@ -399,7 +399,7 @@ bool CScore::MapInfoThread(IDbConnection *pSqlServer, const ISqlData *pGameData)
char aReleasedString[60] = "\0";
if(Stamp != 0)
{
sqlstr::AgoTimeToString(Ago, aAgoString);
sqlstr::AgoTimeToString(Ago, aAgoString, sizeof(aAgoString));
str_format(aReleasedString, sizeof(aReleasedString), ", released %s ago", aAgoString);
}
@ -986,7 +986,7 @@ bool CScore::ShowTimesThread(IDbConnection *pSqlServer, const ISqlData *pGameDat
int Stamp = pSqlServer->GetInt(3);
char aAgoString[40] = "\0";
sqlstr::AgoTimeToString(Ago, aAgoString);
sqlstr::AgoTimeToString(Ago, aAgoString, sizeof(aAgoString));
if(pData->m_Name[0] != '\0') // last 5 times of a player
{
@ -1550,7 +1550,7 @@ bool CScore::GetSavesThread(IDbConnection *pSqlServer, const ISqlData *pGameData
char aLastSavedString[60] = "\0";
if(Ago)
{
sqlstr::AgoTimeToString(Ago, aAgoString);
sqlstr::AgoTimeToString(Ago, aAgoString, sizeof(aAgoString));
str_format(aLastSavedString, sizeof(aLastSavedString), ", last saved %s ago", aAgoString);
}
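Review bot: `sizeof(aAgoString)` gives the buffer size only where `aAgoString` is a local array in the calling scope. That is visible for `ShowTimesThread` (`char aAgoString[40]`), but the declarations in `MapInfoThread` and `GetSavesThread` are outside their hunks and worth checking; if either were a pointer, the bound passed would be the pointer size. All three callers also rely on the buffer starting out as an empty string, because `AgoTimeToString` appends rather than overwrites, so a short comment at the declarations such as `// must start empty: AgoTimeToString appends` would protect that assumption.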