author | haranp <haranp@c06c8d41-db1a-0410-9941-cceddc491573> | 2006-11-03 16:12:18 +0000 |
---|---|---|
committer | haranp <haranp@c06c8d41-db1a-0410-9941-cceddc491573> | 2006-11-03 16:12:18 +0000 |
commit | a5a6fb8fa90ca53bfc09bd2f667cbed820d537cf (patch) | |
tree | f90ea13eb71570c2450bbfc9850c9b5ae34ac2f8 | |
parent | 999e06fb3d3de53155b28a0c9d29e60615b7c16c (diff) | |
Fixed 1589824 (somewhat hackishly.)
Closed a fair number of security holes which came from assuming that
cprintf() is actually cstrcpy(). You can (and should) now use % instead
of %% when you want % in literal strings...
git-svn-id: https://crawl-ref.svn.sourceforge.net/svnroot/crawl-ref/branches/stone_soup@330 c06c8d41-db1a-0410-9941-cceddc491573
-rw-r--r-- | crawl-ref/source/abl-show.cc | 2 | ||||
-rw-r--r-- | crawl-ref/source/command.cc | 4 | ||||
-rw-r--r-- | crawl-ref/source/debug.cc | 2 | ||||
-rw-r--r-- | crawl-ref/source/describe.cc | 49 | ||||
-rw-r--r-- | crawl-ref/source/files.cc | 1 | ||||
-rw-r--r-- | crawl-ref/source/hiscores.cc | 8 | ||||
-rw-r--r-- | crawl-ref/source/maps.cc | 4 | ||||
-rw-r--r-- | crawl-ref/source/menu.cc | 2 | ||||
-rw-r--r-- | crawl-ref/source/message.cc | 30 | ||||
-rw-r--r-- | crawl-ref/source/mutation.cc | 3 | ||||
-rw-r--r-- | crawl-ref/source/newgame.cc | 30 | ||||
-rw-r--r-- | crawl-ref/source/ouch.cc | 4 | ||||
-rw-r--r-- | crawl-ref/source/output.cc | 2 | ||||
-rw-r--r-- | crawl-ref/source/overmap.cc | 12 | ||||
-rw-r--r-- | crawl-ref/source/player.cc | 2 | ||||
-rw-r--r-- | crawl-ref/source/shopping.cc | 7 | ||||
-rw-r--r-- | crawl-ref/source/spl-book.cc | 6 | ||||
-rw-r--r-- | crawl-ref/source/spl-cast.cc | 2 | ||||
-rw-r--r-- | crawl-ref/source/stash.cc | 2 |
19 files changed, 77 insertions, 95 deletions
diff --git a/crawl-ref/source/abl-show.cc b/crawl-ref/source/abl-show.cc index 508c800d76..d321365e74 100644 --- a/crawl-ref/source/abl-show.cc +++ b/crawl-ref/source/abl-show.cc @@ -1307,7 +1307,7 @@ char show_abilities( void ) if (cost_str.length() > 24) cost_str = cost_str.substr( 0, 24 ); - cprintf( cost_str.c_str() ); + cprintf( "%s", cost_str.c_str() ); gotoxy(60, wherey()); diff --git a/crawl-ref/source/command.cc b/crawl-ref/source/command.cc index e1741b9852..437192ad34 100644 --- a/crawl-ref/source/command.cc +++ b/crawl-ref/source/command.cc @@ -897,7 +897,7 @@ static void list_wizard_commands() } gotoxy( ((j % 2) ? 40 : 2), ((j / 2) + 1) ); - cprintf( line ); + cprintf( "%s", line ); j++; } @@ -927,7 +927,7 @@ static const char *wizard_string( int i ) (i == 50) ? "i/I : identify/unidentify inventory": (i == 70) ? "l : make entrance to labyrinth" : (i == 80) ? "m/M : create monster by number/name": - (i == 90) ? "o/%% : create an object" : + (i == 90) ? "o/% : create an object" : (i == 100) ? "p : make entrance to pandemonium" : (i == 110) ? "x : gain an experience level" : (i == 115) ? "r : change character's species" : diff --git a/crawl-ref/source/debug.cc b/crawl-ref/source/debug.cc index b0ad0f56ab..6f61b884fa 100644 --- a/crawl-ref/source/debug.cc +++ b/crawl-ref/source/debug.cc @@ -732,7 +732,7 @@ void create_spec_object(void) MSGCH_PROMPT); mpr("= - jewellery ! - potions : - books | - staves 0 - The Orb", MSGCH_PROMPT); - mpr("} - miscellany X - corpses %% - food $ - gold ESC - exit", + mpr("} - miscellany X - corpses % - food $ - gold ESC - exit", MSGCH_PROMPT); mpr("What class of item? ", MSGCH_PROMPT); diff --git a/crawl-ref/source/describe.cc b/crawl-ref/source/describe.cc index 795a4466e1..43c6653845 100644 --- a/crawl-ref/source/describe.cc +++ b/crawl-ref/source/describe.cc 
@@ -114,7 +114,8 @@ static void print_description( const std::string &d ) if (nextLine >= currentPos && nextLine < currentPos + lineWidth) { - cprintf((d.substr(currentPos, nextLine - currentPos)).c_str()); + cprintf("%s", + (d.substr(currentPos, nextLine - currentPos)).c_str()); currentPos = nextLine + 1; continue; } @@ -1051,7 +1052,7 @@ static std::string describe_weapon( const item_def &item, bool verbose) description += "$Base attack delay: "; append_value(description, property( item, PWPN_SPEED ) * 10, false); - description += "%%"; + description += "%"; } description += "$"; @@ -2964,7 +2965,7 @@ static std::string describe_staff( const item_def &item ) else { description += - "$$Damage rating: 7 $Accuracy rating: +6 $Attack delay: 120%%"; + "$$Damage rating: 7 $Accuracy rating: +6 $Attack delay: 120%"; description += "$$It falls into the 'staves' category. "; } @@ -6301,7 +6302,7 @@ static void print_god_abil_desc( int abil ) std::string str( abil_info.name ); str += std::string( 79 - str.length() - cost.length(), ' ' ) + cost + EOL; - cprintf( str.c_str() ); + cprintf( "%s", str.c_str() ); } @@ -6346,7 +6347,7 @@ void describe_god( int which_god, bool give_title ) //mv: print god's name and title - if you can think up better titles //I have nothing against textcolor(colour); - cprintf (god_name(which_god,true)); //print long god's name + cprintf( "%s", god_name(which_god,true)); //print long god's name cprintf (EOL EOL); //mv: print god's description @@ -6449,7 +6450,7 @@ void describe_god( int which_god, bool give_title ) "be reported to dev-team."; } - cprintf(description); + cprintf("%s", description); //end of printing description // title only shown for our own god 
@@ -6463,7 +6464,7 @@ void describe_god( int which_god, bool give_title ) // based on your god if (you.piety > 160) { - cprintf((which_god == GOD_SHINING_ONE) ? "Champion of Law" : + cprintf("%s", (which_god == GOD_SHINING_ONE) ? "Champion of Law" : (which_god == GOD_ZIN) ? "Divine Warrior" : (which_god == GOD_ELYVILON) ? "Champion of Light" : (which_god == GOD_OKAWARU) ? "Master of a Thousand Battles" : @@ -6534,16 +6535,13 @@ void describe_god( int which_god, bool give_title ) if (you.religion != which_god) { textcolor (colour); - snprintf( info, INFO_SIZE, - (you.penance[which_god] >= 50) ? "%s's wrath is upon you!" : + cprintf( (you.penance[which_god] >= 50) ? "%s's wrath is upon you!" : (you.penance[which_god] >= 20) ? "%s is annoyed with you." : (you.penance[which_god] >= 5) ? "%s well remembers your sins." : (you.penance[which_god] > 0) ? "%s is ready to forgive your sins." : (you.worshipped[which_god]) ? "%s is ambivalent towards you." : "%s is neutral towards you.", god_name(which_god) ); - - cprintf(info); } else { 
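Review bot: The format string passed to `cprintf` in the penance branch of describe_god (hunk @@ -6534) is now picked by a conditional chain, so every arm has to contain exactly one `%s` for the single `god_name(which_god)` argument; an arm added later with a second conversion would read an argument that was never passed. All six arms visible here do match, and the piety chain in the following hunk (@@ -6561) was brought into line by changing its last arm to "You are beneath %s's notice.". I would record the invariant above both calls with `// every arm must contain exactly one %s (argument: god_name)`. describe_god starts and ends outside the hunk.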
@@ -6561,32 +6559,23 @@ void describe_god( int which_god, bool give_title ) cprintf("You are ignored."); else { - snprintf( info, INFO_SIZE, - - (you.piety > 130) ? "A prized avatar of %s.": + cprintf( (you.piety > 130) ? "A prized avatar of %s.": (you.piety > 100) ? "A shining star in the eyes of %s." : (you.piety > 70) ? "A rising star in the eyes of %s." : (you.piety > 40) ? "%s is most pleased with you." : (you.piety > 20) ? "%s has noted your presence." : (you.piety > 5) ? "%s is noncommittal." - : "You are beneath notice.", - - god_name(which_god) - ); - - cprintf(info); + : "You are beneath %s's notice.", + god_name(which_god)); } } //end of favour //mv: following code shows abilities given from god (if any) - - textcolor(LIGHTGRAY); cprintf(EOL EOL "Granted powers : (Cost)" EOL); textcolor(colour); - // mv: these gods protects you during your prayer (not mentioning XOM) // chance for doing so is (random2(you.piety) >= 30) // Note that it's not depending on penance. @@ -6602,15 +6591,11 @@ void describe_god( int which_god, bool give_title ) && you.piety >= 30) { penance_ability = true; // suppress "none" later - snprintf( info, INFO_SIZE, - "%s %s watches over you during prayer." EOL, - god_name(which_god), - (you.piety >= 150) ? "carefully": // > 4/5 - (you.piety >= 90) ? "often" : // > 2/3 - "sometimes" // less than 2:3 - ); - - cprintf(info); + cprintf( "%s %s watches over you during prayer." EOL, + god_name(which_god), + (you.piety >= 150) ? "carefully": // > 4/5 + (you.piety >= 90) ? "often" : // > 2/3 + "sometimes"); // less than 2:3 } // mv: No abilities (except divine protection) diff --git a/crawl-ref/source/files.cc b/crawl-ref/source/files.cc index 27ebf5c43f..da1435504e 100644 --- a/crawl-ref/source/files.cc +++ b/crawl-ref/source/files.cc 
@@ -1152,7 +1152,6 @@ void save_game(bool leave_game) snprintf( cmd_buff, sizeof(cmd_buff), SAVE_PACKAGE_CMD, basename.c_str(), basename.c_str() ); - if (system( cmd_buff ) != 0) { cprintf( EOL "Warning: Zip command (SAVE_PACKAGE_CMD) returned non-zero value!" EOL ); } diff --git a/crawl-ref/source/hiscores.cc b/crawl-ref/source/hiscores.cc index 7fcc66c3d2..1bebf54255 100644 --- a/crawl-ref/source/hiscores.cc +++ b/crawl-ref/source/hiscores.cc @@ -206,9 +206,9 @@ void hiscores_print_list( int display_count, int format ) // print position (tracked implicitly by order score file) snprintf( info, INFO_SIZE, "%3d.", i + 1 ); if (use_printf) - printf(info); + printf("%s", info); else - cprintf(info); + cprintf("%s", info); // format the entry if (format == SCORE_TERSE) @@ -226,9 +226,9 @@ void hiscores_print_list( int display_count, int format ) // print entry strcat(info, EOL); if(use_printf) - printf(info); + printf("%s", info); else - cprintf(info); + cprintf("%s", info); if (i == newest_entry && !use_printf) textcolor(LIGHTGREY); diff --git a/crawl-ref/source/maps.cc b/crawl-ref/source/maps.cc index 931e0bae92..7bf2a8762f 100644 --- a/crawl-ref/source/maps.cc +++ b/crawl-ref/source/maps.cc @@ -142,8 +142,8 @@ char vault_main( char vgrid[81][81], FixedVector<int, 7>& mons_array, int vault_ for (vy = 0; vy < 80; vy++) vgrid[vx][vy] = 'x'; - vgrid[80][vx] = '\0'; - vgrid[vx][80] = '\0'; + vgrid[80][vx] = 0; + vgrid[vx][80] = 0; } // next, select an appropriate vault to place {dlb}: diff --git a/crawl-ref/source/menu.cc b/crawl-ref/source/menu.cc index 03c6fa195c..c804c5343b 100644 --- a/crawl-ref/source/menu.cc +++ b/crawl-ref/source/menu.cc @@ -260,7 +260,7 @@ bool Menu::draw_title_suffix( const std::string &s, bool titlefirst ) s.length() == avail_width? s : s + std::string(avail_width - s.length(), ' '); - cprintf(towrite.c_str()); + cprintf("%s", towrite.c_str()); gotoxy( oldx, oldy ); return true; 
diff --git a/crawl-ref/source/message.cc b/crawl-ref/source/message.cc index b44c1e232c..511e800a7d 100644 --- a/crawl-ref/source/message.cc +++ b/crawl-ref/source/message.cc @@ -41,6 +41,7 @@ int Next_Message = 0; // end of messages char Message_Line = 0; // line of next (previous?) message static bool suppress_messages = false; +static void base_mpr(const char *inf, int channel, int param); no_messages::no_messages() : msuppressed(suppress_messages) { @@ -234,9 +235,9 @@ static char channel_to_colour( int channel, int param ) static void do_message_print( int channel, int param, const char *format, va_list argp ) { - char buff[80]; + char buff[200]; vsnprintf( buff, sizeof( buff ), format, argp ); - buff[79] = 0; + buff[199] = 0; mpr(buff, channel, param); } @@ -259,11 +260,25 @@ void mprf( const char *format, ... ) void mpr(const char *inf, int channel, int param) { + char mbuf[400]; + unsigned int i = 0; + const int stepsize = get_number_of_cols() - 1; + while ( i <= strlen(inf) ) + { + // maybe we should put in some intelligence here, to + // try to break after a space or something. For the future. + strncpy( mbuf, inf + i, stepsize ); + mbuf[stepsize] = 0; + base_mpr( mbuf, channel, param ); + i += stepsize; + } +} + +static void base_mpr(const char *inf, int channel, int param) +{ if (suppress_messages) return; - char info2[80]; - int colour = channel_to_colour( channel, param ); if (colour == MSGCOL_MUTED) return; @@ -323,11 +338,8 @@ void mpr(const char *inf, int channel, int param) more(); gotoxy( (Options.delay_message_clear) ? 2 : 1, Message_Line + 18 ); - strncpy(info2, inf, 78); - info2[78] = 0; - textcolor( colour ); - cprintf(info2); + cprintf("%s", inf); // // reset colour textcolor(LIGHTGREY); 
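Review bot: In do_message_print (hunk @@ -234) the terminator index is a second copy of the buffer size: `char buff[200];` is followed by `buff[199] = 0;`, and this commit had to change both numbers together. Writing `buff[sizeof(buff) - 1] = 0;` keeps the two in step the next time the size changes. Output longer than the buffer is still cut silently by `vsnprintf`, which is worth a one-line comment for callers of mprf.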
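Review bot: The new chunking loop in mpr (hunk @@ -259) uses `stepsize = get_number_of_cols() - 1` both as the `strncpy` count and as the index in `mbuf[stepsize] = 0` without comparing it with the 400-byte `mbuf`. If get_number_of_cols() (not visible here) ever reports 401 columns or more, `strncpy` pads past the end of the buffer even for a short message. If it reports 1 or less, `stepsize` is zero or negative, so the loop either never advances or hands `strncpy` a huge count. Separately, the `i <= strlen(inf)` condition runs one extra pass with an empty string whenever the message length is an exact non-zero multiple of `stepsize`, which would send a blank message to base_mpr. Clamping the step to `[1, sizeof(mbuf) - 1]` and using a do/while with `i < len` fixes both while still printing an empty message once.

```cpp
void mpr(const char *inf, int channel, int param)
{
    char mbuf[400];
    const size_t len = strlen(inf);

    // The terminal width is outside our control: keep the chunk size
    // inside mbuf and make sure the loop always advances.
    int cols = get_number_of_cols() - 1;
    if (cols < 1)
        cols = 1;
    if (cols > static_cast<int>(sizeof(mbuf)) - 1)
        cols = static_cast<int>(sizeof(mbuf)) - 1;
    const size_t stepsize = cols;

    size_t i = 0;
    do
    {
        // … unchanged: note about breaking after a space …
        strncpy( mbuf, inf + i, stepsize );
        mbuf[stepsize] = 0;
        base_mpr( mbuf, channel, param );
        i += stepsize;
    }
    while ( i < len );
}
```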
@@ -545,7 +557,7 @@ void replay_messages(void) #if DEBUG_DIAGNOSTICS cprintf( "%d: %s", line, Store_Message[ line ].text.c_str() ); #else - cprintf( Store_Message[ line ].text.c_str() ); + cprintf( "%s", Store_Message[ line ].text.c_str() ); #endif cprintf(EOL); diff --git a/crawl-ref/source/mutation.cc b/crawl-ref/source/mutation.cc index 682e259b06..cfdf3e59ed 100644 --- a/crawl-ref/source/mutation.cc +++ b/crawl-ref/source/mutation.cc @@ -1119,9 +1119,6 @@ void display_mutations(void) puttext(1, 1, 80, 25, buffer); #endif - //cprintf("xxxxxxxxxxxxx"); - //last_requested = 0; - return; } // end display_mutations() diff --git a/crawl-ref/source/newgame.cc b/crawl-ref/source/newgame.cc index 223b45528b..cbdc6845ab 100644 --- a/crawl-ref/source/newgame.cc +++ b/crawl-ref/source/newgame.cc @@ -382,8 +382,7 @@ bool new_game(void) textcolor( BROWN ); cprintf( EOL "Welcome back, " ); textcolor( YELLOW ); - cprintf( you.your_name ); - cprintf( "!" ); + cprintf( "%s!", you.your_name ); textcolor( LIGHTGREY ); save_player_name(); @@ -429,8 +428,7 @@ bool new_game(void) textcolor( BROWN ); cprintf(EOL EOL "Welcome back, "); textcolor( YELLOW ); - cprintf(you.your_name); - cprintf("!"); + cprintf("%s!", you.your_name); textcolor( LIGHTGREY ); return (false); @@ -1462,9 +1460,7 @@ static void choose_book( item_def& book, int firstbook, int numbooks ) char buf[ITEMNAME_SIZE]; book.sub_type = firstbook + i; item_name( book, DESC_PLAIN, buf ); - snprintf( info, INFO_SIZE, "%c - %s" EOL, 'a' + i, buf); - cprintf(info); - + cprintf("%c - %s" EOL, 'a' + i, buf); } textcolor(BROWN); @@ -1557,10 +1553,8 @@ void choose_weapon( void ) int x = effective_stat_bonus(startwep[i]); standard_name_weap(startwep[i], wepName); - snprintf( info, INFO_SIZE, "%c - %s%s" EOL, 'a' + i, wepName, - (x <= -4) ? " (not ideal)" : "" ); - - cprintf(info); + cprintf("%c - %s%s" EOL, 'a' + i, wepName, + (x <= -4) ? " (not ideal)" : "" ); if (Options.prev_weapon == startwep[i]) prevmatch = true; 
@@ -2125,7 +2119,7 @@ bool verifyPlayerName(void) return (false); } - // quick check for LPTx -- thank you, Mr. Tanksley! ;-) + // quick check for LPTx -- thank you, Mr. Tanksley! ;-) if (strnicmp(you.your_name, "LPT", 3) == 0) { switch (william_tanksley_asked_for_this) @@ -2141,7 +2135,7 @@ bool verifyPlayerName(void) return (true); } // end switch - william_tanksley_asked_for_this --; + william_tanksley_asked_for_this--; return (false); } #endif @@ -2890,12 +2884,12 @@ spec_query: textcolor( YELLOW ); if (strlen(you.your_name) > 0) { - cprintf(you.your_name); + cprintf("%s", you.your_name); if (you.char_class != JOB_UNKNOWN) cprintf(" the "); } if (you.char_class != JOB_UNKNOWN) - cprintf(get_class_name(you.char_class)); + cprintf("%s", get_class_name(you.char_class)); if (!shortgreet) cprintf("."); @@ -3088,12 +3082,12 @@ job_query: textcolor( YELLOW ); if (strlen(you.your_name) > 0) { - cprintf(you.your_name); + cprintf("%s", you.your_name); if (you.species) cprintf(" the "); } if (you.species) - cprintf(species_name(you.species,you.experience_level)); + cprintf("%s", species_name(you.species,you.experience_level)); if (!shortgreet) cprintf("."); @@ -3125,7 +3119,7 @@ job_query: putch( letter ); cprintf( " - " ); - cprintf( get_class_name(i) ); + cprintf( "%s", get_class_name(i) ); if (j % 2) cprintf(EOL); diff --git a/crawl-ref/source/ouch.cc b/crawl-ref/source/ouch.cc index 85b53291f7..47864f127a 100644 --- a/crawl-ref/source/ouch.cc +++ b/crawl-ref/source/ouch.cc @@ -900,9 +900,7 @@ void end_game( struct scorefile_entry &se ) #endif clrscr(); - cprintf( "Goodbye, " ); - cprintf( you.your_name ); - cprintf( "." ); + cprintf( "Goodbye, %s.", you.your_name ); cprintf( EOL EOL " " ); // Space padding where # would go in list format char scorebuff[ HIGHSCORE_SIZE ]; diff --git a/crawl-ref/source/output.cc b/crawl-ref/source/output.cc index 55dd0b7094..3bd2f8d2e1 100644 --- a/crawl-ref/source/output.cc +++ b/crawl-ref/source/output.cc 
@@ -285,7 +285,7 @@ void print_stats(void) Options.terse_hand ); str_pass[39] = 0; - cprintf(str_pass); + cprintf("%s", str_pass); textcolor(LIGHTGREY); } else diff --git a/crawl-ref/source/overmap.cc b/crawl-ref/source/overmap.cc index 52759b1079..2e4a236156 100644 --- a/crawl-ref/source/overmap.cc +++ b/crawl-ref/source/overmap.cc @@ -519,7 +519,7 @@ void seen_other_thing( unsigned char which_thing ) * prints "More..." message, read key, clear screen and after that prints new * line */ -void print_one_simple_line( const char *line , int colour) +void print_one_simple_line( const char *line, int colour) { if (map_lines == (get_number_of_lines() - 2)) { @@ -532,9 +532,7 @@ void print_one_simple_line( const char *line , int colour) } textcolor( colour ); - cprintf( line ); - cprintf( EOL ); - + cprintf( "%s" EOL, line ); map_lines++; } @@ -554,16 +552,16 @@ void print_one_highlighted_line( const char *pre, const char *text, if (pre[0] != 0) { textcolor( LIGHTGREY ); - cprintf( pre ); + cprintf( "%s", pre ); } textcolor( colour ); - cprintf( text ); + cprintf( "%s", text ); if (post[0] != 0) { textcolor( LIGHTGREY ); - cprintf( post ); + cprintf( "%s", post ); } cprintf( EOL ); diff --git a/crawl-ref/source/player.cc b/crawl-ref/source/player.cc index 477494b457..87b89cdc4a 100644 --- a/crawl-ref/source/player.cc +++ b/crawl-ref/source/player.cc @@ -3175,7 +3175,7 @@ void redraw_skill(const char your_name[kNameLen], const char class_name[80]) gotoxy(40, 1); textcolor( LIGHTGREY ); - cprintf( print_it ); + cprintf( "%s", print_it ); } // end redraw_skill() // Note that this function only has the one static buffer, so if you diff --git a/crawl-ref/source/shopping.cc b/crawl-ref/source/shopping.cc index f605cd468d..fe2e6f81c6 100644 --- a/crawl-ref/source/shopping.cc +++ b/crawl-ref/source/shopping.cc 
@@ -141,7 +141,7 @@ char in_a_shop( char shoppy, id_arr id ) textcolor((i % 2) ? WHITE : LIGHTGREY); it_name(itty, DESC_NOCAP_A, st_pass); - cprintf(st_pass); + cprintf("%s", st_pass); std::string desc; if (is_dumpable_artifact(mitm[itty], Options.verbose_dump)) @@ -155,8 +155,7 @@ char in_a_shop( char shoppy, id_arr id ) gotoxy(60, i); textcolor( can_afford ? LIGHTGREEN : LIGHTRED ); snprintf(st_pass, sizeof(st_pass), "%5d", gp_value); - cprintf(st_pass); - cprintf(" gold"); + cprintf("%s gold", st_pass); if (mitm[itty].link == NON_ITEM) break; @@ -356,7 +355,7 @@ void shop_print( const char *shoppy, char sh_lines ) { gotoxy(1, sh_lines); - cprintf(shoppy); + cprintf("%s", shoppy); for (int i = strlen(shoppy); i < 80; i++) cprintf(" "); diff --git a/crawl-ref/source/spl-book.cc b/crawl-ref/source/spl-book.cc index 16c17b38a5..101b8d6f07 100644 --- a/crawl-ref/source/spl-book.cc +++ b/crawl-ref/source/spl-book.cc @@ -794,7 +794,7 @@ unsigned char spellbook_contents( item_def &book, int action, char str_pass[ ITEMNAME_SIZE ]; item_name( book, DESC_CAP_THE, str_pass ); - out.cprintf( str_pass ); + out.cprintf( "%s", str_pass ); out.cprintf( EOL EOL " Spells Type Level" EOL ); @@ -851,7 +851,7 @@ unsigned char spellbook_contents( item_def &book, int action, out.cprintf(strng); out.cprintf(" - "); - out.cprintf( spell_title(spell_types[j]) ); + out.cprintf( "%s", spell_title(spell_types[j]) ); out.gotoxy( 35, -1 ); @@ -868,7 +868,7 @@ unsigned char spellbook_contents( item_def &book, int action, if (already) out.cprintf( "/" ); - out.cprintf( spelltype_name( 1 << i ) ); + out.cprintf( "%s", spelltype_name( 1 << i ) ); already = true; } } diff --git a/crawl-ref/source/spl-cast.cc b/crawl-ref/source/spl-cast.cc index 2792966e76..ed4b701003 100644 --- a/crawl-ref/source/spl-cast.cc +++ b/crawl-ref/source/spl-cast.cc 
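Review bot: `out.cprintf(strng);`, the context line directly above the changed `spell_title` call in spellbook_contents (spl-book.cc, hunk @@ -851), still passes a buffer as the format string, which is the pattern this commit removes everywhere else. How `strng` is filled is not visible in the hunk, so it may be harmless today, but it should read `out.cprintf("%s", strng);` for the same reason as the neighbouring lines. Declaring the cprintf functions with a printf format attribute (their declarations are not on this page) and building with `-Wformat-security` would let the compiler report any remaining call of this kind instead of relying on a manual sweep. spellbook_contents continues outside the hunk.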
@@ -164,7 +164,7 @@ char list_spells(void) if (already) cprintf( "/" ); - cprintf( spelltype_short_name( 1 << i ) ); + cprintf( "%s", spelltype_short_name( 1 << i ) ); already = true; } } diff --git a/crawl-ref/source/stash.cc b/crawl-ref/source/stash.cc index 10f17c4041..f09851b52a 100644 --- a/crawl-ref/source/stash.cc +++ b/crawl-ref/source/stash.cc @@ -344,7 +344,7 @@ void StashMenu::draw_title() { gotoxy(1, 1); textcolor(title->colour); - cprintf(title->text.c_str()); + cprintf( "%s", title->text.c_str()); if (title->quantity) cprintf(", %d item%s", title->quantity, title->quantity == 1? "" : "s"); |