From 5aaa72e10a6a263ff5ca25c265c9a159a0346ebd Mon Sep 17 00:00:00 2001 From: GenericHeroGuy Date: Wed, 25 Jun 2025 23:26:32 +0200 Subject: [PATCH] Sanitize bgname and ttname --- src/deh_soc.c | 6 ++-- src/f_finale.c | 74 ++++++++++++++++++++++++-------------------------- src/f_finale.h | 8 ++++-- src/m_menu.c | 8 +++--- src/m_menu.h | 6 ++-- 5 files changed, 52 insertions(+), 50 deletions(-) diff --git a/src/deh_soc.c b/src/deh_soc.c index ef22177d8..81e5f2c0b 100644 --- a/src/deh_soc.c +++ b/src/deh_soc.c @@ -2145,7 +2145,7 @@ void readmenu(MYFILE *f, INT32 num) if (fastcmp(word, "BACKGROUNDNAME")) { - strncpy(menudefs[num].bgname, word2, 8); + strlcpy(menudefs[num].bgname, word2, sizeof(menudefs[num].bgname)); titlechanged = true; } else if (fastcmp(word, "HIDEBACKGROUND")) @@ -2186,7 +2186,7 @@ void readmenu(MYFILE *f, INT32 num) } else if (fastcmp(word, "TITLEPICSNAME")) { - strncpy(menudefs[num].ttname, word2, 9); + strlcpy(menudefs[num].ttname, word2, sizeof(menudefs[num].ttname)); titlechanged = true; } else if (fastcmp(word, "TITLEPICSX")) @@ -3266,7 +3266,7 @@ void readmaincfg(MYFILE *f) } else if (fastcmp(word, "TITLEPICSNAME")) { - strncpy(ttname, word2, 9); + strlcpy(ttname, word2, sizeof(ttname)); titlechanged = true; } else if (fastcmp(word, "TITLEPICSX")) diff --git a/src/f_finale.c b/src/f_finale.c index f5f794916..90d0a9863 100644 --- a/src/f_finale.c +++ b/src/f_finale.c @@ -64,7 +64,7 @@ static INT32 menuanimtimer; // Title screen: background animation timing mobj_t *titlemapcameraref = NULL; // menu presentation state -char curbgname[9]; +char curbgname[SHORTNAMELEN+1]; SINT8 curfadevalue; INT32 curbgcolor; INT32 curbgxspeed; @@ -94,7 +94,7 @@ boolean curhidepics; ttmode_enum curttmode; UINT8 curttscale; // ttmode user vars -char curttname[9]; +char curttname[SHORTNAMELEN+1]; INT16 curttx; INT16 curtty; INT16 curttloop; @@ -1133,7 +1133,7 @@ void F_InitMenuPresValues(boolean title) } // Set defaults for presentation values - strncpy(curbgname, "TITLESKY", 9); + strcpy(curbgname, "TITLESKY"); curfadevalue = 16; curbgcolor = -1; curbgxspeed = titlescrollxspeed; @@ -1143,7 +1143,7 @@ void F_InitMenuPresValues(boolean title) curhidepics = hidetitlepics; curttmode = ttmode; curttscale = ttscale; - strncpy(curttname, ttname, 9); + strcpy(curttname, ttname); curttx = ttx; curtty = tty; curttloop = ttloop; @@ -1180,7 +1180,7 @@ void F_SkyScroll(INT32 scrollxspeed, INT32 scrollyspeed, const char *patchname) return; } - pat = W_CachePatchName(patchname, PU_PATCH_LOWPRIORITY); + pat = W_CachePatchLongName(patchname, PU_PATCH_LOWPRIORITY); if (scrollxspeed == 0 && scrollyspeed == 0) { @@ -1220,36 +1220,39 @@ void F_SkyScroll(INT32 scrollxspeed, INT32 scrollyspeed, const char *patchname) } } -#define LOADTTGFX(arr, name, maxf) \ -lumpnum = W_CheckNumForName(name); \ -if (lumpnum != LUMPERROR) \ -{ \ - arr[0] = W_CachePatchName(name, PU_PATCH_LOWPRIORITY); \ - arr[min(1, maxf-1)] = 0; \ -} \ -else if (strlen(name) <= 6) \ -{ \ - fixed_t cnt = strlen(name); \ - strncpy(lumpname, name, 7); \ - for (i = 0; i < maxf-1; i++) \ - { \ - sprintf(&lumpname[cnt], "%.2hu", (UINT16)(i+1)); \ - lumpname[8] = 0; \ - lumpnum = W_CheckNumForName(lumpname); \ - if (lumpnum != LUMPERROR) \ - arr[i] = W_CachePatchName(lumpname, PU_PATCH_LOWPRIORITY); \ - else \ - break; \ - } \ - arr[min(i, maxf-1)] = 0; \ -} \ -else \ - arr[0] = 0; +static void LoadTTGFX(patch_t **arr, const char *name, UINT16 maxf) +{ + UINT16 i; + lumpnum_t lumpnum; + char lumpname[SHORTNAMELEN+1]; + + lumpnum = W_CheckNumForLongName(name); + if (lumpnum != LUMPERROR) + { + arr[0] = W_CachePatchNum(lumpnum, PU_PATCH_LOWPRIORITY); + arr[min(1, maxf-1)] = NULL; + } + else if (strlen(name) <= 6) + { + fixed_t cnt = strlen(name); + strncpy(lumpname, name, 7); + for (i = 0; i < maxf-1; i++) + { + sprintf(&lumpname[cnt], "%.2hu", (UINT16)(i+1)); + lumpnum = W_CheckNumForLongName(lumpname); + if (lumpnum != LUMPERROR) + arr[i] = W_CachePatchNum(lumpnum, PU_PATCH_LOWPRIORITY); + else + break; + } + arr[min(i, maxf-1)] = NULL; + } + else + arr[0] = NULL; +} static void F_CacheTitleScreen(void) { - UINT16 i; - switch(curttmode) { case TTMODE_NONE: @@ -1263,13 +1266,8 @@ static void F_CacheTitleScreen(void) break; case TTMODE_USER: - { - lumpnum_t lumpnum; - char lumpname[9]; - - LOADTTGFX(ttuser, curttname, TTMAX_USER) + LoadTTGFX(ttuser, curttname, TTMAX_USER); break; - } } } diff --git a/src/f_finale.h b/src/f_finale.h index 8ad6cfb61..347001444 100644 --- a/src/f_finale.h +++ b/src/f_finale.h @@ -93,10 +93,12 @@ typedef enum #define TTMAX_ALACROIX 30 // max frames for SONIC typeface, plus one for NULL terminating entry #define TTMAX_USER 100 +#define SHORTNAMELEN 8 + extern ttmode_enum ttmode; extern UINT8 ttscale; // ttmode user vars -extern char ttname[9]; +extern char ttname[SHORTNAMELEN+1]; extern INT16 ttx; extern INT16 tty; extern INT16 ttloop; @@ -114,7 +116,7 @@ typedef enum // Current menu parameters extern mobj_t *titlemapcameraref; -extern char curbgname[9]; +extern char curbgname[SHORTNAMELEN+1]; extern SINT8 curfadevalue; extern INT32 curbgcolor; extern INT32 curbgxspeed; @@ -126,7 +128,7 @@ extern boolean curhidepics; extern ttmode_enum curttmode; extern UINT8 curttscale; // ttmode user vars -extern char curttname[9]; +extern char curttname[SHORTNAMELEN+1]; extern INT16 curttx; extern INT16 curtty; extern INT16 curttloop; diff --git a/src/m_menu.c b/src/m_menu.c index 6f43bf1ad..fc0f53e52 100644 --- a/src/m_menu.c +++ b/src/m_menu.c @@ -823,7 +823,7 @@ void M_SetMenuCurBackground(void) } else if (menudefs[menutype].bgname[0]) { - strncpy(curbgname, menudefs[menutype].bgname, 8); + strcpy(curbgname, menudefs[menutype].bgname); curbgxspeed = menudefs[menutype].titlescrollxspeed != INT32_MAX ? menudefs[menutype].titlescrollxspeed : titlescrollxspeed; curbgyspeed = menudefs[menutype].titlescrollyspeed != INT32_MAX ? menudefs[menutype].titlescrollyspeed : titlescrollyspeed; return; @@ -833,7 +833,7 @@ void M_SetMenuCurBackground(void) curbghide = true; else { - strncpy(curbgname, "TITLESKY", 9); + strcpy(curbgname, "TITLESKY"); curbgxspeed = titlescrollxspeed; curbgyspeed = titlescrollyspeed; } @@ -902,7 +902,7 @@ void M_SetMenuCurTitlePics(void) curhidepics = menudefs[menutype].hidetitlepics; curttmode = menudefs[menutype].ttmode; curttscale = (menudefs[menutype].ttscale != UINT8_MAX ? menudefs[menutype].ttscale : ttscale); - strncpy(curttname, menudefs[menutype].ttname, sizeof(curttname)-1); + strcpy(curttname, menudefs[menutype].ttname); curttx = (menudefs[menutype].ttx != INT16_MAX ? menudefs[menutype].ttx : ttx); curtty = (menudefs[menutype].tty != INT16_MAX ? menudefs[menutype].tty : tty); curttloop = (menudefs[menutype].ttloop != INT16_MAX ? menudefs[menutype].ttloop : ttloop); @@ -924,7 +924,7 @@ void M_SetMenuCurTitlePics(void) curhidepics = hidetitlepics; curttmode = ttmode; curttscale = ttscale; - strncpy(curttname, ttname, 9); + strcpy(curttname, ttname); curttx = ttx; curtty = tty; curttloop = ttloop; diff --git a/src/m_menu.h b/src/m_menu.h index 9e7be4d00..0b3c3faf3 100644 --- a/src/m_menu.h +++ b/src/m_menu.h @@ -190,6 +190,8 @@ struct menuitem_t INT16 x, y; // coordinates, see menuitemflags }; +#define SHORTNAMELEN 8 + struct menu_t { dehinfo_t info; @@ -208,7 +210,7 @@ struct menu_t // MENUPRES STUFF BELOW - char bgname[8]; // name for background gfx lump; lays over titlemap if this is set + char bgname[SHORTNAMELEN+1]; // name for background gfx lump; lays over titlemap if this is set SINT8 fadestrength; // darken background when displaying this menu, strength 0-31 or -1 for undefined INT32 bgcolor; // fill color, overrides bg name. -1 means follow bg name rules. INT32 titlescrollxspeed; // background gfx scroll per menu; inherits global setting @@ -218,7 +220,7 @@ struct menu_t SINT8 hidetitlepics; // hide title gfx per menu; -1 means undefined, inherits global setting ttmode_enum ttmode; // title wing animation mode; default TTMODE_KART UINT8 ttscale; // scale of title wing gfx (FRACUNIT / ttscale); -1 means undefined, inherits global setting - char ttname[9]; // lump name of title wing gfx. If name length is <= 6, engine will attempt to load numbered frames (TTNAMExx) + char ttname[SHORTNAMELEN+1]; // lump name of title wing gfx. If name length is <= 6, engine will attempt to load numbered frames (TTNAMExx) INT16 ttx; // X position of title wing INT16 tty; // Y position of title wing INT16 ttloop; // # frame to loop; -1 means dont loop