This bug has been pending for more than two months and no fix in Debian
yet... Does Bruno still track his bugs?

Here are two patches, for the Sarge and Sid versions.

Pierre Riteau

(CC'ing [EMAIL PROTECTED] for the stable fix, and the
Co-Maintainer as I don't know if he receives BTS replies)
(Email address in previous message for tagging is wrong, I was playing
with bts thinking it wouldn't commit the changes)

--- xmame-0.86.orig/src/unix/dirio.c
+++ xmame-0.86/src/unix/dirio.c
@@ -184,7 +184,7 @@
 #else
        getcwd(cwd, MAXPATHL);
 #endif
-       strcat(cwd, "/");
+       strncat(cwd, "/", sizeof(cwd) - strlen(cwd) - 1);
        return cwd;
 }
 
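Review bot: The new `strncat` bound is computed with `strlen(cwd)` right after a `getcwd(cwd, MAXPATHL)` whose return value is ignored, so on the `#else` branch a failed `getcwd` means the length is taken from a buffer with unspecified contents. Checking the result first, e.g. `if (!getcwd(cwd, MAXPATHL)) cwd[0] = '\0';`, keeps the length well defined. `sizeof(cwd)` is the buffer size only if `cwd` is declared as an array; the declaration is outside the hunk, and if it is a pointer the subtraction wraps to a very large count, so using `MAXPATHL` as the `getcwd` call does would be safer. The identical hunk for xmame-0.101 `src/unix/dirio.c` further down has the same problem.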
--- xmame-0.86.orig/src/unix/fileio.c
+++ xmame-0.86/src/unix/fileio.c
@@ -412,7 +412,7 @@
 /*     compose_path */
 /*============================================================ */
 
-static void compose_path(char *output, int pathtype, int pathindex, const char 
*filename)
+static void compose_path(char *output, size_t outputlen, int pathtype, int 
pathindex, const char *filename)
 {
        const char *basepath = get_path_for_filetype(pathtype, pathindex, NULL);
        char *p;
@@ -425,10 +425,10 @@
        /* compose the full path */
        *output = 0;
        if (basepath)
-               strcat(output, basepath);
+               strncat(output, basepath, outputlen - strlen(output) - 1);
        if (*output && !is_pathsep(output[strlen(output) - 1]))
-               strcat(output, "/");
-       strcat(output, filename);
+               strncat(output, "/", outputlen - strlen(output) - 1);
+       strncat(output, filename, outputlen - strlen(output) - 1);
 
        /* convert backslashes to forward slashes */
        for (p = output; *p; p++)
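Review bot: The bounded `strncat` calls stop the overflow but truncate silently: when `basepath` plus `filename` does not fit in `outputlen`, `compose_path` produces a shortened path, and the callers in the following hunks pass it to `stat`, `fopen` and `check_and_create_dir` as if it were the requested one. Rejecting the over-long case up front makes the failure explicit, e.g. `if ((basepath ? strlen(basepath) : 0) + strlen(filename) + 2 > outputlen) { *output = 0; return; }`, so callers see an empty path rather than operating on a different file. The same unreported truncation applies to the `snprintf` calls in joy_i386.c, joy_standard.c and `mame_faccess`, whose return value is never compared with the buffer size, and to `compose_path` in src/fileio.c and the 0.101 copies of these hunks. The function starts in the previous hunk and continues past the end of this one.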
@@ -463,7 +463,7 @@
        char fullpath[1024];
 
        /* compose the full path */
-       compose_path(fullpath, pathtype, pathindex, filename);
+       compose_path(fullpath, sizeof(fullpath), pathtype, pathindex, filename);
 
        /* get the file attributes */
        if (stat(fullpath, &buf))
@@ -499,7 +499,7 @@
        memset(file, 0, sizeof(*file));
 
        /* compose the full path */
-       compose_path(fullpath, pathtype, pathindex, filename);
+       compose_path(fullpath, sizeof(fullpath), pathtype, pathindex, filename);
 
        /* attempt to open the file */
        file->fileptr = fopen(fullpath, mode);
@@ -699,7 +699,7 @@
        char fullpath[1024];
 
        /* compose the full path */
-       compose_path(fullpath, pathtype, pathindex, dirname);
+       compose_path(fullpath, sizeof(fullpath), pathtype, pathindex, dirname);
 
        return check_and_create_dir(fullpath) ? 0 : 1;
 }
--- xmame-0.86.orig/src/unix/joystick-drivers/joy_i386.c
+++ xmame-0.86/src/unix/joystick-drivers/joy_i386.c
@@ -83,7 +83,7 @@
        fprintf (stderr_file, "I386 joystick interface initialization...\n");
        for (i = first_dev; i <= last_dev; i++)
        {
-               sprintf (devname, "%s%d", joy_dev, i);
+               snprintf (devname, sizeof(devname), "%s%d", joy_dev, i);
                if ((joy_data[i].fd = open (devname, O_RDONLY)) >= 0)
                {
                        if(joytype != JOY_I386NEW)
--- xmame-0.86.orig/src/unix/config.c
+++ xmame-0.86/src/unix/config.c
@@ -627,7 +627,7 @@
                INP_HEADER inp_header;
 
                memset(&inp_header, '\0', sizeof(INP_HEADER));
-               strcpy(inp_header.name, drivers[game_index]->name);
+               strncpy(inp_header.name, drivers[game_index]->name, 
sizeof(inp_header.name) - 1);
                mame_fwrite(options.record, &inp_header, sizeof(INP_HEADER));
        }
 
--- xmame-0.86.orig/src/fileio.c
+++ xmame-0.86/src/fileio.c
@@ -325,16 +325,20 @@
        int pathindex;
 
        /* copy the filename and add an extension */
-       strcpy(modified_filename, filename);
+       strncpy(modified_filename, filename, sizeof(modified_filename) - 1);
+       modified_filename[sizeof(modified_filename) - 1] = 0;
        if (extension)
        {
                char *p = strchr(modified_filename, '.');
                if (p)
-                       strcpy(p, extension);
+               {
+                       strncpy(p, extension, sizeof(modified_filename) - (p - 
modified_filename) - 1);
+                       modified_filename[sizeof(modified_filename) - 1] = 0;
+               }
                else
                {
-                       strcat(modified_filename, ".");
-                       strcat(modified_filename, extension);
+                       strncat(modified_filename, ".", 
sizeof(modified_filename) - strlen(modified_filename) - 1);
+                       strncat(modified_filename, extension, 
sizeof(modified_filename) - strlen(modified_filename) - 1);
                }
        }
 
@@ -344,19 +348,19 @@
                char name[256];
 
                /* first check the raw filename, in case we're looking for a 
directory */
-               sprintf(name, "%s", filename);
+               snprintf(name, sizeof(name), "%s", filename);
                LOG(("mame_faccess: trying %s\n", name));
                if (osd_get_path_info(filetype, pathindex, name) != 
PATH_NOT_FOUND)
                        return 1;
 
                /* try again with a .zip extension */
-               sprintf(name, "%s.zip", filename);
+               snprintf(name, sizeof(name), "%s.zip", filename);
                LOG(("mame_faccess: trying %s\n", name));
                if (osd_get_path_info(filetype, pathindex, name) != 
PATH_NOT_FOUND)
                        return 1;
 
                /* does such a directory (or file) exist? */
-               sprintf(name, "%s", modified_filename);
+               snprintf(name, sizeof(name), "%s", modified_filename);
                LOG(("mame_faccess: trying %s\n", name));
                if (osd_get_path_info(filetype, pathindex, name) != 
PATH_NOT_FOUND)
                        return 1;
@@ -743,7 +747,7 @@
        compose_path
 ***************************************************************************/
 
-INLINE void compose_path(char *output, const char *gamename, const char 
*filename, const char *extension)
+INLINE void compose_path(char *output, size_t outputlen, const char *gamename, 
const char *filename, const char *extension)
 {
        char *filename_base = output;
        *output = 0;
@@ -751,7 +755,8 @@
 #ifdef MESS
        if (filename && osd_is_absolute_path(filename))
        {
-               strcpy(output, filename);
+               strncpy(output, filename, outputlen - 1);
+               output[outputlen - 1] = 0;
                return;
        }
 #endif
@@ -759,23 +764,23 @@
        /* if there's a gamename, add that; only add a '/' if there is a 
filename as well */
        if (gamename)
        {
-               strcat(output, gamename);
+               strncat(output, gamename, outputlen - strlen(output) - 1);
                if (filename)
                {
-                       strcat(output, "/");
+                       strncat(output, "/", outputlen - strlen(output) - 1);
                        filename_base = &output[strlen(output)];
                }
        }
 
        /* if there's a filename, add that */
        if (filename)
-               strcat(output, filename);
+               strncat(output, filename, outputlen - strlen(output) - 1);
 
        /* if there's no extension in the filename, add the extension */
        if (extension && !strchr(filename_base, '.'))
        {
-               strcat(output, ".");
-               strcat(output, extension);
+               strncat(output, ".", outputlen - strlen(output) - 1);
+               strncat(output, extension, outputlen - strlen(output) - 1);
        }
 }
 
@@ -920,7 +925,7 @@
                /* ----------------- STEP 1: OPEN THE FILE RAW 
-------------------- */
 
                /* first look for path/gamename as a directory */
-               compose_path(name, gamename, NULL, NULL);
+               compose_path(name, sizeof(name), gamename, NULL, NULL);
                LOG(("Trying %s\n", name));
 
 #ifdef MESS
@@ -939,7 +944,7 @@
                if (*name == 0 || osd_get_path_info(pathtype, pathindex, name) 
== PATH_IS_DIRECTORY)
                {
                        /* now look for path/gamename/filename.ext */
-                       compose_path(name, gamename, filename, extension);
+                       compose_path(name, sizeof(name), gamename, filename, 
extension);
 
                        /* if we need checksums, load it into RAM and compute 
it along the way */
                        if (flags & FILEFLAG_HASH)
@@ -1026,7 +1031,7 @@
                if (!(flags & (FILEFLAG_OPENWRITE | FILEFLAG_NOZIP)))
                {
                        /* first look for path/gamename.zip */
-                       compose_path(name, gamename, NULL, "zip");
+                       compose_path(name, sizeof(name), gamename, NULL, "zip");
                        LOG(("Trying %s file\n", name));
 
                        /* if the ZIP file exists, proceed */
@@ -1035,7 +1040,7 @@
                                UINT32 ziplength;
 
                                /* if the file was able to be extracted from 
the ZIP, continue */
-                               compose_path(tempname, NULL, filename, 
extension);
+                               compose_path(tempname, sizeof(tempname), NULL, 
filename, extension);
 
                                /* verify-only case */
                                if (flags & FILEFLAG_VERIFY_ONLY)
--- xmame-0.101.orig/src/unix/xmess.c
+++ xmame-0.101/src/unix/xmess.c
@@ -191,22 +191,22 @@
                                {
                                        char name[200],name_ref[200];
 
-                                       strcpy(name,drivers[i]->description);
+                                       
strncpy(name,drivers[i]->description,sizeof(name) - 1);
+                                       name[sizeof(name) - 1] = 0;
 
                                        /* Move leading "The" to the end */
-                                       if (strstr(name," (")) *strstr(name," 
(") = 0;
+                                       if (strstr(name," ("))
+                                               *strstr(name," (") = 0;
                                        if (strncmp(name,"The ",4) == 0)
-                                       {
-                                               sprintf(name_ref,"%s, The 
",name+4);
-                                       }
+                                               
snprintf(name_ref,sizeof(name_ref),"%s, The ",name+4);
                                        else
-                                               sprintf(name_ref,"%s ",name);
+                                               
snprintf(name_ref,sizeof(name_ref),"%s ",name);
 
                                        /* print the additional description 
only if we are listing clones */
                                        if (listclones)
                                        {
                                                if 
(strchr(drivers[i]->description,'('))
-                                                       
strcat(name_ref,strchr(drivers[i]->description,'('));
+                                                       
strncat(name_ref,strchr(drivers[i]->description,'('),sizeof(name_ref) - 
strlen(name_ref) - 1);
                                        }
 
                                        /*fprintf(stdout_file, "| 
%-33.33s",name_ref); */
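Review bot: The reformatted `if (strstr(name," (")) *strstr(name," (") = 0;` still searches the string twice, once for the test and once for the write. Holding the result in a local reads more clearly and avoids the repeated scan: `char *paren = strstr(name, " ("); if (paren) *paren = 0;`. The `strchr(drivers[i]->description,'(')` pair in front of the new `strncat` has the same shape and could share one pointer in the same way. The enclosing loop body begins and ends outside the hunk.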
@@ -368,7 +368,7 @@
                int d=0;
 
                        /* ensure the roms directory exists! */
-                       sprintf(buf,"%s %s","md",sys_rom_path);
+                       snprintf(buf,sizeof(buf),"%s %s","md",sys_rom_path);
                        fprintf(stdout_file, "%s\n",buf);
                        system(buf);
 
@@ -376,7 +376,7 @@
                        while(drivers[d])
                        {
                                /* create the systems directory */
-                               sprintf(buf,"%s 
%s\\%s","md",sys_rom_path,drivers[d]->name);
+                               snprintf(buf,sizeof(buf),"%s 
%s\\%s","md",sys_rom_path,drivers[d]->name);
                                fprintf(stdout_file, "%s\n",buf);
                                system(buf);
                                d++;
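Review bot: Bounding `buf` with `snprintf` does not change the fact that `sys_rom_path` and `drivers[d]->name` are pasted unquoted into a command line for `system()`, so spaces or shell metacharacters in the configured path are interpreted by the shell, and a truncated `buf` would run the command against a different directory name. Creating the directory with a direct library call (for example `mkdir()`) rather than `system()` on an `md` command line takes the shell out of the picture. Failing that, the `snprintf` return value should be compared with `sizeof(buf)` before `system(buf)` runs. The `md` call on `sys_rom_path` alone in the previous hunk has the same issue, and the declaration of `buf` is outside both hunks.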
--- xmame-0.101.orig/src/unix/dirio.c
+++ xmame-0.101/src/unix/dirio.c
@@ -184,7 +184,7 @@
 #else
        getcwd(cwd, MAXPATHL);
 #endif
-       strcat(cwd, "/");
+       strncat(cwd, "/", sizeof(cwd) - strlen(cwd) - 1);
        return cwd;
 }
 
--- xmame-0.101.orig/src/unix/fileio.c
+++ xmame-0.101/src/unix/fileio.c
@@ -433,7 +433,7 @@
 /*     compose_path */
 /*============================================================ */
 
-static void compose_path(char *output, int pathtype, int pathindex, const char 
*filename)
+static void compose_path(char *output, size_t outputlen, int pathtype, int 
pathindex, const char *filename)
 {
        const char *basepath = get_path_for_filetype(pathtype, pathindex, NULL);
        char *p;
@@ -446,10 +446,10 @@
        /* compose the full path */
        *output = 0;
        if (basepath)
-               strcat(output, basepath);
+               strncat(output, basepath, outputlen - strlen(output) - 1);
        if (*output && !is_pathsep(output[strlen(output) - 1]))
-               strcat(output, "/");
-       strcat(output, filename);
+               strncat(output, "/", outputlen - strlen(output) - 1);
+       strncat(output, filename, outputlen - strlen(output) - 1);
 
        /* convert backslashes to forward slashes */
        for (p = output; *p; p++)
@@ -484,7 +484,7 @@
        char fullpath[1024];
 
        /* compose the full path */
-       compose_path(fullpath, pathtype, pathindex, filename);
+       compose_path(fullpath, sizeof(fullpath), pathtype, pathindex, filename);
 
        /* get the file attributes */
        if (stat(fullpath, &buf))
@@ -524,7 +524,7 @@
        memset(file, 0, sizeof(*file));
 
        /* compose the full path */
-       compose_path(fullpath, pathtype, pathindex, filename);
+       compose_path(fullpath, sizeof(fullpath), pathtype, pathindex, filename);
 
        /* attempt to open the file */
        file->fileptr = fopen(fullpath, mode);
@@ -724,7 +724,7 @@
        char fullpath[1024];
 
        /* compose the full path */
-       compose_path(fullpath, pathtype, pathindex, dirname);
+       compose_path(fullpath, sizeof(fullpath), pathtype, pathindex, dirname);
 
        return check_and_create_dir(fullpath) ? 0 : 1;
 }
--- xmame-0.101.orig/src/unix/joystick-drivers/joy_standard.c
+++ xmame-0.101/src/unix/joystick-drivers/joy_standard.c
@@ -85,7 +85,7 @@
        fprintf (stderr_file, "Standard joystick interface 
initialization...\n");
        for (i = 0, dev = first_dev; dev <= last_dev; i++, dev++)
        {
-               sprintf (devname, "%s%d", joy_dev, dev);
+               snprintf (devname, sizeof(devname), "%s%d", joy_dev, dev);
                if ((joy_data[i].fd = open(devname, O_RDONLY)) >= 0)
                {
                        if (use_old_driver)
--- xmame-0.101.orig/src/unix/config.c
+++ xmame-0.101/src/unix/config.c
@@ -614,7 +614,7 @@
                inp_header inp_header;
 
                memset(&inp_header, '\0', sizeof(inp_header));
-               strcpy(inp_header.name, drivers[game_index]->name);
+               strncpy(inp_header.name, drivers[game_index]->name, 
sizeof(inp_header.name) - 1);
                mame_fwrite(options.record, &inp_header, sizeof(inp_header));
        }
 
--- xmame-0.101.orig/src/fileio.c
+++ xmame-0.101/src/fileio.c
@@ -331,16 +331,20 @@
        int pathindex;
 
        /* copy the filename and add an extension */
-       strcpy(modified_filename, filename);
+       strncpy(modified_filename, filename, sizeof(modified_filename) - 1);
+       modified_filename[sizeof(modified_filename) - 1] = 0;
        if (extension)
        {
                char *p = strchr(modified_filename, '.');
                if (p)
-                       strcpy(p, extension);
+               {
+                       strncpy(p, extension, sizeof(modified_filename) - (p - 
modified_filename) - 1);
+                       modified_filename[sizeof(modified_filename) - 1] = 0;
+               }
                else
                {
-                       strcat(modified_filename, ".");
-                       strcat(modified_filename, extension);
+                       strncat(modified_filename, ".", 
sizeof(modified_filename) - strlen(modified_filename) - 1);
+                       strncat(modified_filename, extension, 
sizeof(modified_filename) - strlen(modified_filename) - 1);
                }
        }
 
@@ -350,19 +354,19 @@
                char name[256];
 
                /* first check the raw filename, in case we're looking for a 
directory */
-               sprintf(name, "%s", filename);
+               snprintf(name, sizeof(name), "%s", filename);
                LOG(("mame_faccess: trying %s\n", name));
                if (osd_get_path_info(filetype, pathindex, name) != 
PATH_NOT_FOUND)
                        return 1;
 
                /* try again with a .zip extension */
-               sprintf(name, "%s.zip", filename);
+               snprintf(name, sizeof(name), "%s.zip", filename);
                LOG(("mame_faccess: trying %s\n", name));
                if (osd_get_path_info(filetype, pathindex, name) != 
PATH_NOT_FOUND)
                        return 1;
 
                /* does such a directory (or file) exist? */
-               sprintf(name, "%s", modified_filename);
+               snprintf(name, sizeof(name), "%s", modified_filename);
                LOG(("mame_faccess: trying %s\n", name));
                if (osd_get_path_info(filetype, pathindex, name) != 
PATH_NOT_FOUND)
                        return 1;
@@ -749,7 +753,7 @@
     compose_path
 ***************************************************************************/
 
-INLINE void compose_path(char *output, const char *gamename, const char 
*filename, const char *extension)
+INLINE void compose_path(char *output, size_t outputlen, const char *gamename, 
const char *filename, const char *extension)
 {
        char *filename_base = output;
        *output = 0;
@@ -757,7 +761,8 @@
 #ifdef MESS
        if (filename && osd_is_absolute_path(filename))
        {
-               strcpy(output, filename);
+               strncpy(output, filename, outputlen - 1);
+               output[outputlen - 1] = 0;
                return;
        }
 #endif
@@ -765,23 +770,23 @@
        /* if there's a gamename, add that; only add a '/' if there is a 
filename as well */
        if (gamename)
        {
-               strcat(output, gamename);
+               strncat(output, gamename, outputlen - strlen(output) - 1);
                if (filename)
                {
-                       strcat(output, "/");
+                       strncat(output, "/", outputlen - strlen(output) - 1);
                        filename_base = &output[strlen(output)];
                }
        }
 
        /* if there's a filename, add that */
        if (filename)
-               strcat(output, filename);
+               strncat(output, filename, outputlen - strlen(output) - 1);
 
        /* if there's no extension in the filename, add the extension */
        if (extension && !strchr(filename_base, '.'))
        {
-               strcat(output, ".");
-               strcat(output, extension);
+               strncat(output, ".", outputlen - strlen(output) - 1);
+               strncat(output, extension, outputlen - strlen(output) - 1);
        }
 }
 
@@ -930,7 +935,7 @@
                /* ----------------- STEP 1: OPEN THE FILE RAW 
-------------------- */
 
                /* first look for path/gamename as a directory */
-               compose_path(name, gamename, NULL, NULL);
+               compose_path(name, sizeof(name), gamename, NULL, NULL);
                LOG(("Trying %s\n", name));
 
 #ifdef MESS
@@ -949,7 +954,7 @@
                if (*name == 0 || osd_get_path_info(pathtype, pathindex, name) 
== PATH_IS_DIRECTORY)
                {
                        /* now look for path/gamename/filename.ext */
-                       compose_path(name, gamename, filename, extension);
+                       compose_path(name, sizeof(name), gamename, filename, 
extension);
 
                        /* if we need checksums, load it into RAM and compute 
it along the way */
                        if (flags & FILEFLAG_HASH)
@@ -1036,7 +1041,7 @@
                if (!(flags & (FILEFLAG_OPENWRITE | FILEFLAG_NOZIP)))
                {
                        /* first look for path/gamename.zip */
-                       compose_path(name, gamename, NULL, "zip");
+                       compose_path(name, sizeof(name), gamename, NULL, "zip");
                        LOG(("Trying %s file\n", name));
 
                        /* if the ZIP file exists, proceed */
@@ -1045,7 +1050,7 @@
                                UINT32 ziplength;
 
                                /* if the file was able to be extracted from 
the ZIP, continue */
-                               compose_path(tempname, NULL, filename, 
extension);
+                               compose_path(tempname, sizeof(tempname), NULL, 
filename, extension);
 
                                /* verify-only case */
                                if (flags & FILEFLAG_VERIFY_ONLY)
