From: <ufo...@li...> - 2010-05-23 23:50:24
Revision: 1140
http://ufo2000.svn.sourceforge.net/ufo2000/?rev=1140&view=rev
Author: ssvb
Date: 2010-05-23 23:50:18 +0000 (Sun, 23 May 2010)
Log Message:
-----------
Fixed soldier name buffer overflow bug (issue #554).
This fix resolves issue #0000554 ('Assert failed at line 195 of units.cpp').
Replaced the magic numbers 22 and 26 throughout the source code with the constants
MAN_NAME_LEN and MAN_NAME_BUFSIZE. Buffer size increased to actually
be large enough to fit MAN_NAME_LEN characters (one UTF-8 character can
take up to 6 bytes). Version bumped because the changes break compatibility
with older releases.
From: Siarhei Siamashka <sia...@gm...>
Modified Paths:
--------------
trunk/src/editor.cpp
trunk/src/global.h
trunk/src/soldier.cpp
trunk/src/soldier.h
trunk/src/stats.h
trunk/src/units.cpp
trunk/src/units.h
trunk/src/version.h
Modified: trunk/src/editor.cpp
===================================================================
--- trunk/src/editor.cpp 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/editor.cpp 2010-05-23 23:50:18 UTC (rev 1140)
@@ -855,7 +855,7 @@
{ d_agup_shadow_box_proc, DX, DY, D_WIDTH, D_HEIGHT, FG, BG, 0, 0, 0, 0, NULL, NULL, NULL},
{ d_agup_button_proc, DX + 200, DY + SSY + SH*13 + 4, 100, 20, FG, BG, 0, D_EXIT, 0, 0, (void *)_("OK"), NULL, NULL},
{ d_agup_rtext_proc, DX + STX, DY + SSY - SH*1, STW, 16, FG, BG, 0, 0, 0, 0, (void *)_("Name:"), NULL, NULL},
- { d_agup_edit_proc, DX + SSX, DY + SSY - SH*1 - 4, 23*8, 16, FG, BG, 0, 0, 22, 0, NULL, NULL, NULL},
+ { d_agup_edit_proc, DX + SSX, DY + SSY - SH*1 - 4, 23*8, 16, FG, BG, 0, 0, MAN_NAME_LEN, 0, NULL, NULL, NULL},
{ d_agup_text_proc, DX + 100, DY + SSY + SH*12 + 2, 100, 16, FG, BG, 0, 0, 0, 0, (void *)points_str, NULL, NULL},
{ d_agup_rtext_proc, DX + STX, DY + SSY + SH*0 + 1, STW, 16 + 4, FG, BG, 0, 0, 0, 0, (void *)_("Race:"), NULL, NULL},
Modified: trunk/src/global.h
===================================================================
--- trunk/src/global.h 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/global.h 2010-05-23 23:50:18 UTC (rev 1140)
@@ -194,11 +194,15 @@
uint8 mapdata[36]; //!< The actual map data - refers to the number at the end of map name; i.e. urban12 would be number
};
+// Name length limit in characters
+#define MAN_NAME_LEN 22
+// Name buffer size (each character can take up to 6 bytes in UTF-8)
+#define MAN_NAME_BUFSIZE (MAN_NAME_LEN * 6 + 1)
+
#pragma pack(1)
struct MANDATA
{
-#define MAN_NAME_LEN 22
- char Name[26]; //!< There are actually 26 bytes allocated for this, but only the first 23 are used. The names can be up to 22 bytes.
+ char Name[MAN_NAME_BUFSIZE];
unsigned char TimeUnits; //!< TU each turn for actions
unsigned char Health; //!< Hitpoints: when down to 0, soldier dies
unsigned char Stamina; //!< Actions like walking consume TU as well as energy
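Review bot: The `Name` field of `MANDATA` lost its Doxygen comment, and the replacement line documents nothing while the neighbouring fields keep their `//!<` notes. Suggest `char Name[MAN_NAME_BUFSIZE]; //!< NUL-terminated name: at most MAN_NAME_LEN characters, MAN_NAME_BUFSIZE bytes including the terminator`, and `//!` comments on the two new macros so they appear in the generated docs. Because the struct sits under `#pragma pack(1)`, its size now follows this constant; a one-line comment saying that changing MAN_NAME_LEN alters the struct layout would help the next editor. The struct body continues outside the hunk.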
Modified: trunk/src/soldier.cpp
===================================================================
--- trunk/src/soldier.cpp 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/soldier.cpp 2010-05-23 23:50:18 UTC (rev 1140)
@@ -403,7 +403,7 @@
bool Soldier::set_name(const char *newname)
{
- if (strlen(newname) + 1 > sizeof(ud.Name)) return false;
+ if (ustrlen(newname) > MAN_NAME_LEN) return false;
strcpy(ud.Name, newname);
strcpy(md.Name, newname);
return true;
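Review bot: The new guard in `Soldier::set_name` counts characters with `ustrlen`, but the two `strcpy` calls after it copy bytes, so the copy is bounded only if every character really encodes to at most 6 bytes. That assumption is stated in a comment in global.h and, as far as this hunk shows, is not enforced for malformed or differently encoded input. I would keep the character limit and add a byte bound for both destinations: `if (ustrlen(newname) > MAN_NAME_LEN || strlen(newname) >= sizeof(ud.Name) || strlen(newname) >= sizeof(md.Name)) return false;`. The same count-characters-then-`strcpy` pattern appears in `Units::add` in units.cpp, where `strlen(nm) >= sizeof(name[0])` would be the matching byte check. The function's closing brace is outside the hunk.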
Modified: trunk/src/soldier.h
===================================================================
--- trunk/src/soldier.h 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/soldier.h 2010-05-23 23:50:18 UTC (rev 1140)
@@ -63,7 +63,7 @@
unsigned char LArmWound;
unsigned char RLegWound;
unsigned char LLegWound;
- char Name[26]; //!< The unit name!!
+ char Name[MAN_NAME_BUFSIZE]; //!< The unit name!!
};
#define P_SHL_RIGHT 0
Modified: trunk/src/stats.h
===================================================================
--- trunk/src/stats.h 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/stats.h 2010-05-23 23:50:18 UTC (rev 1140)
@@ -34,7 +34,7 @@
DECLARE_PERSISTENCE(StatEntry);
private:
int SID; //!< The soldier's ID
- char name[26]; //!< The name of the soldier
+ char name[MAN_NAME_BUFSIZE]; //!< The name of the soldier
int kills; //!< The number of soldiers he's killed
int dead; //!< Is he dead?
int damage_inflicted; //!< How much damage did he inflict?
Modified: trunk/src/units.cpp
===================================================================
--- trunk/src/units.cpp 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/units.cpp 2010-05-23 23:50:18 UTC (rev 1140)
@@ -137,10 +137,14 @@
int Units::add(int num, const char *nm, int ct)
{
- if (num < 0 || num >= SQUAD_LIMIT)
+ if (num < 0 || num >= SQUAD_LIMIT) {
+ ASSERT(false);
return 0;
- if (strlen(nm) >= 25)
+ }
+ if (ustrlen(nm) > MAN_NAME_LEN) {
+ ASSERT(false);
return 0;
+ }
size = num;
strcpy(name[size], nm);
cost[size] = ct;
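Review bot: `ASSERT(false)` is now the response to an out-of-range `num` and to an over-long `nm`, which turns a recoverable rejection into an assertion failure wherever ASSERT is active. If `nm` can come from a saved squad or from the other player (inferred; the callers are not in this hunk), bad input should be logged and rejected through the existing `return 0` rather than asserted. `nm` is also passed to `ustrlen` without a null check; `if (!nm) return 0;` ahead of the length test would cover that. The body of `Units::add` continues past the hunk.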
Modified: trunk/src/units.h
===================================================================
--- trunk/src/units.h 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/units.h 2010-05-23 23:50:18 UTC (rev 1140)
@@ -36,7 +36,7 @@
friend class Connect;
private:
int size;
- char name[SQUAD_LIMIT][26];
+ char name[SQUAD_LIMIT][MAN_NAME_BUFSIZE];
int cost[SQUAD_LIMIT];
int lev[SQUAD_LIMIT], col[SQUAD_LIMIT], row[SQUAD_LIMIT];
int selected; //!< number of the soldier currently selected for editing
Modified: trunk/src/version.h
===================================================================
--- trunk/src/version.h 2010-05-23 17:22:18 UTC (rev 1139)
+++ trunk/src/version.h 2010-05-23 23:50:18 UTC (rev 1140)
@@ -23,7 +23,7 @@
#define UFO_VERSION_TAG "beta9"
#define UFO_VERSION_STRING "0.9"
-#define UFO_REVISION_NUMBER 1129
+#define UFO_REVISION_NUMBER 1140
#ifndef UFO_SVNVERSION
#define UFO_SVNVERSION "unknown"