hardening: safer strncpy

mkalkbrenner · mkalkbrenner · commit 2136d6cfc785 · 2026-02-27T20:05:20.000+01:00
diff --git a/src/ZeDMD.cpp b/src/ZeDMD.cpp
@@ -945,7 +945,7 @@ ZEDMDAPI void ZeDMD_SetLogCallback(ZeDMD* pZeDMD, ZeDMD_LogCallback callback, co
 
 ZEDMDAPI const char* ZeDMD_FormatLogMessage(const char* format, va_list args, const void* pUserData)
 {
-  char buffer[1024];
+  static thread_local char buffer[1024];
   vsnprintf(buffer, sizeof(buffer), format, args);
 
   return buffer;
diff --git a/src/ZeDMDComm.cpp b/src/ZeDMDComm.cpp
@@ -338,19 +338,28 @@ bool ZeDMDComm::IsQueueEmpty()
 
 void ZeDMDComm::IgnoreDevice(const char* ignore_device)
 {
-  if (sizeof(ignore_device) < 32 && m_ignoredDevicesCounter < 10)
+  if (!ignore_device || m_ignoredDevicesCounter >= 10)
   {
-    strcpy(&m_ignoredDevices[m_ignoredDevicesCounter++][0], ignore_device);
+    return;
   }
+
+  const size_t maxLen = sizeof(m_ignoredDevices[0]) - 1;
+  strncpy(&m_ignoredDevices[m_ignoredDevicesCounter][0], ignore_device, maxLen);
+  m_ignoredDevices[m_ignoredDevicesCounter][maxLen] = '\0';
+  ++m_ignoredDevicesCounter;
 }
 
 void ZeDMDComm::SetDevice(const char* device)
 {
-  if (sizeof(device) < 32)
+  if (!device)
   {
-    strcpy(m_device, device);
-    m_autoDetect = false;
+    return;
   }
+
+  const size_t maxLen = sizeof(m_device) - 1;
+  strncpy(m_device, device, maxLen);
+  m_device[maxLen] = '\0';
+  m_autoDetect = false;
 }
 
 bool ZeDMDComm::Connect()

Original file line number	Diff line number	Diff line change
`@@ -945,7 +945,7 @@ ZEDMDAPI void ZeDMD_SetLogCallback(ZeDMD* pZeDMD, ZeDMD_LogCallback callback, co`
`945`	`945`
`946`	`946`	`ZEDMDAPI const char* ZeDMD_FormatLogMessage(const char* format, va_list args, const void* pUserData)`
`947`	`947`	`{`
`948`		`- char buffer[1024];`
	`948`	`+ static thread_local char buffer[1024];`
`949`	`949`	`vsnprintf(buffer, sizeof(buffer), format, args);`
`950`	`950`
`951`	`951`	`return buffer;`
Original file line number	Diff line number	Diff line change
`@@ -338,19 +338,28 @@ bool ZeDMDComm::IsQueueEmpty()`
`338`	`338`
`339`	`339`	`void ZeDMDComm::IgnoreDevice(const char* ignore_device)`
`340`	`340`	`{`
`341`		`- if (sizeof(ignore_device) < 32 && m_ignoredDevicesCounter < 10)`
	`341`	`+ if (!ignore_device \|\| m_ignoredDevicesCounter >= 10)`
`342`	`342`	`{`
`343`		`- strcpy(&m_ignoredDevices[m_ignoredDevicesCounter++][0], ignore_device);`
	`343`	`+ return;`
`344`	`344`	`}`
	`345`	`+`
	`346`	`+ const size_t maxLen = sizeof(m_ignoredDevices[0]) - 1;`
	`347`	`+ strncpy(&m_ignoredDevices[m_ignoredDevicesCounter][0], ignore_device, maxLen);`
	`348`	`+ m_ignoredDevices[m_ignoredDevicesCounter][maxLen] = '\0';`
	`349`	`+ ++m_ignoredDevicesCounter;`
`345`	`350`	`}`
`346`	`351`
`347`	`352`	`void ZeDMDComm::SetDevice(const char* device)`
`348`	`353`	`{`
`349`		`- if (sizeof(device) < 32)`
	`354`	`+ if (!device)`
`350`	`355`	`{`
`351`		`- strcpy(m_device, device);`
`352`		`- m_autoDetect = false;`
	`356`	`+ return;`
`353`	`357`	`}`
	`358`	`+`
	`359`	`+ const size_t maxLen = sizeof(m_device) - 1;`
	`360`	`+ strncpy(m_device, device, maxLen);`
	`361`	`+ m_device[maxLen] = '\0';`
	`362`	`+ m_autoDetect = false;`
`354`	`363`	`}`
`355`	`364`
`356`	`365`	`bool ZeDMDComm::Connect()`