foundation: add safety guards to string manipulation

msaarna · msaarna · commit 1f6d650b1e55 · 2025-11-02T09:16:34.000-05:00
diff --git a/7800bas.c b/7800bas.c
@@ -113,7 +113,7 @@ int main (int argc, char *argv[])
 	    prefilename = optarg;
 	    break;
 	case 'v':
-	    printf ("%s (%s, %s)\n", BASIC_VERSION_INFO, __TIME__, __DATE__);
+	    fprintf (stdout,"%s (%s, %s)\n", BASIC_VERSION_INFO, __TIME__, __DATE__);
 	    exit (0);
 	case '?':
 	    fprintf (stderr, "usage: %s -r <variable redefs file> -i <includes path>\n", argv[0]);
@@ -296,7 +296,7 @@ int main (int argc, char *argv[])
 	    // look for defines and remember them
 	    strcpy (mycode, code);
 	    int k_def_search;
-            for (k_def_search = 0; k_def_search < 495; ++k_def_search)
+	    for (k_def_search = 0; k_def_search < 495 && code[k_def_search] != '\0'; ++k_def_search)
 	        if (code[k_def_search] == ' ')
 		    break;
 	    if (k_def_search < 495 && code[k_def_search] == ' ' && 
diff --git a/keywords.c b/keywords.c
@@ -104,18 +104,18 @@ void keywords (char **cstatement)
 		&& (!strncmp (cstatement[k + 1], "if", 2)) && (isConditionalContinuationToken (cstatement[k + 5])))
 	    {
 		// swap operands and switch compare
-		strncpy (cstatement[k + 3], cstatement[k + 2],200);	// stick 1st operand here temporarily
-		strncpy (cstatement[k + 2], cstatement[k + 4],200);
-		strncpy (cstatement[k + 4], cstatement[k + 3],200);	// get it back
+		strncpy (cstatement[k + 3], cstatement[k + 2],200); cstatement[k+3][200] = '\0';	// stick 1st operand here temporarily
+		strncpy (cstatement[k + 2], cstatement[k + 4],200); cstatement[k+2][200] = '\0';
+		strncpy (cstatement[k + 4], cstatement[k + 3],200); cstatement[k+4][200] = '\0';	// get it back
 		strcpy (cstatement[k + 3], "<");	// replace compare
 	    }
 	    else if (!strncmp (cstatement[k + 3], "<=", 2)
 		     && (!strncmp (cstatement[k + 1], "if", 2)) && (isConditionalContinuationToken (cstatement[k + 5])))
 	    {
 		// swap operands and switch compare
-		strncpy (cstatement[k + 3], cstatement[k + 2],200);
-		strncpy (cstatement[k + 2], cstatement[k + 4],200);
-		strncpy (cstatement[k + 4], cstatement[k + 3],200);
+		strncpy (cstatement[k + 3], cstatement[k + 2],200); cstatement[k+3][200] = '\0';
+		strncpy (cstatement[k + 2], cstatement[k + 4],200); cstatement[k+2][200] = '\0';
+		strncpy (cstatement[k + 4], cstatement[k + 3],200); cstatement[k+4][200] = '\0';
 		strcpy (cstatement[k + 3], ">=");
 	    }
 	    if (!strncmp (cstatement[k + 3], "&&", 2))
@@ -137,23 +137,26 @@ void keywords (char **cstatement)
 		    && (!strncmp (cstatement[k + 1], "if", 2)) && (isConditionalContinuationToken (cstatement[k + 7])))
 		{
 		    // swap operands and switch compare
-		    strncpy (cstatement[k + 5], cstatement[k + 4],200);	// stick 1st operand here temporarily
-		    strncpy (cstatement[k + 4], cstatement[k + 6],200);
-		    strncpy (cstatement[k + 6], cstatement[k + 5],200);	// get it back
+		    strncpy (cstatement[k + 5], cstatement[k + 4],200);	cstatement[k+5][200] = '\0';// stick 1st operand here temporarily
+		    strncpy (cstatement[k + 4], cstatement[k + 6],200);  cstatement[k+4][200] = '\0';
+		    strncpy (cstatement[k + 6], cstatement[k + 5],200);	cstatement[k+6][200] = '\0';// get it back
 		    strcpy (cstatement[k + 5], "<");	// replace compare
 		}
 		else if (!strncmp (cstatement[k + 5], "<=", 2)
 			 && (!strncmp (cstatement[k + 1], "if", 2)) && (isConditionalContinuationToken (cstatement[k + 7])))
 		{
 		    // swap operands and switch compare
-		    strncpy (cstatement[k + 5], cstatement[k + 4],200);
-		    strncpy (cstatement[k + 4], cstatement[k + 6],200);
-		    strncpy (cstatement[k + 6], cstatement[k + 5],200);
+		    strncpy (cstatement[k + 5], cstatement[k + 4],200); cstatement[k+5][200] = '\0';
+		    strncpy (cstatement[k + 4], cstatement[k + 6],200); cstatement[k+4][200] = '\0';
+		    strncpy (cstatement[k + 6], cstatement[k + 5],200); cstatement[k+6][200] = '\0';
 		    strcpy (cstatement[k + 5], ">=");
 		}
 
 		for (i = 2; i < 198 - k; ++i)
-		    strncpy (orstatement[i], cstatement[k + i + 2],200);
+	        {
+		    strncpy (orstatement[i], cstatement[k + i + 2],200); 
+	            orstatement[i][200] = '\0';
+	        }
 		if (!strncmp (cstatement[k + 5], "then", 4))
 		    compressdata (cstatement, k + 3, k + 2);
 		else if (!strncmp (cstatement[k + 7], "then", 4))
@@ -171,22 +174,25 @@ void keywords (char **cstatement)
 		    && (!strncmp (cstatement[k + 1], "if", 2)) && (isConditionalContinuationToken (cstatement[k + 9])))
 		{
 		    // swap operands and switch compare
-		    strncpy (cstatement[k + 7], cstatement[k + 6],200);	// stick 1st operand here temporarily
-		    strncpy (cstatement[k + 6], cstatement[k + 8],200);
-		    strncpy (cstatement[k + 8], cstatement[k + 7],200);	// get it back
+		    strncpy (cstatement[k + 7], cstatement[k + 6],200);	cstatement[k+7][200] = '\0';// stick 1st operand here temporarily
+		    strncpy (cstatement[k + 6], cstatement[k + 8],200);  cstatement[k+6][200] = '\0';
+		    strncpy (cstatement[k + 8], cstatement[k + 7],200);	cstatement[k+8][200] = '\0';// get it back
 		    strcpy (cstatement[k + 7], "<");	// replace compare
 		}
 		else if (!strncmp (cstatement[k + 7], "<=", 2)
 			 && (!strncmp (cstatement[k + 1], "if", 2)) && (isConditionalContinuationToken (cstatement[k + 9])))
 		{
 		    // swap operands and switch compare
-		    strncpy (cstatement[k + 7], cstatement[k + 6],200);
-		    strncpy (cstatement[k + 6], cstatement[k + 8],200);
-		    strncpy (cstatement[k + 8], cstatement[k + 7],200);
+		    strncpy (cstatement[k + 7], cstatement[k + 6],200); cstatement[k+7][200] = '\0';
+		    strncpy (cstatement[k + 6], cstatement[k + 8],200); cstatement[k+6][200] = '\0';
+		    strncpy (cstatement[k + 8], cstatement[k + 7],200); cstatement[k+8][200] = '\0';
 		    strcpy (cstatement[k + 7], ">=");
 		}
 		for (i = 2; i < 196 - k; ++i)
+	        {
 		    strncpy (orstatement[i], cstatement[k + i + 4],200);
+	            orstatement[i][200] = '\0';
+	        }
 		if (!strncmp (cstatement[k + 7], "then", 4))
 		    compressdata (cstatement, k + 5, k + 2);
 		else if (!strncmp (cstatement[k + 9], "then", 4))
@@ -214,7 +220,10 @@ void keywords (char **cstatement)
 	    }
 
 	for (i = foundelse; i < 200; ++i)
+	{
 	    strncpy (elstatement[i - foundelse], pass2elstatement[i],200);
+	    elstatement[i - foundelse][200] = '\0';
+	}
 	if (islabelelse (pass2elstatement))
 	{
 	    strcpy (pass2elstatement[foundelse++], ":");
@@ -226,6 +235,7 @@ void keywords (char **cstatement)
 	if (!islabelelse (elstatement))
 	{
 	    strncpy (elstatement[2], elstatement[1],200);
+	    elstatement[2][200] = '\0';
 	    strcpy (elstatement[1], "goto");
 	}
 	if (door)
diff --git a/statements.c b/statements.c
@@ -2306,6 +2306,11 @@ void plotmapfile (char **statement)
 
 	    //get the tile value...
 	    gid = atoi (keyword + 10);
+	    if (gid >= 256)
+	    {
+	        prwarn("plotmapfile tile gid '%d' is out of bounds (max 255), skipping", gid);
+	        continue;
+	    }
 
 	    if (gid == 0)
 		gid = 1;	//kludge - to work around empty characters
@@ -3716,7 +3721,7 @@ void incmapfile (char **statement)
             {
                 gid = atoi (firstgid + 10);
                 tilename = tilename + 6;
-                for (t = 0; t < 1024; t++)
+                for (t = 0; t < line_len; t++)
                     if (line[t] == '"')
                         line[t] = 0;
                 s = 0;
@@ -3745,7 +3750,7 @@ void incmapfile (char **statement)
         {
             free(file_buffer);
             keyword = keyword + 15;
-            for (t = 0; t < 1024; t++)
+            for (t = 0; t < line_len; t++)
                 if (line[t] == '"')
                     line[t] = 0;
             prerror ("map file '%s' is %s encoded. XML is required", statement[2], keyword);
