diff options
-rw-r--r-- | indra/linux_crash_logger/linux_crash_logger.cpp | 8 | ||||
-rw-r--r-- | indra/llcommon/lldefs.h | 11 | ||||
-rw-r--r-- | indra/llinventory/llinventory.cpp | 30 | ||||
-rw-r--r-- | indra/llinventory/lllandmark.cpp | 4 | ||||
-rw-r--r-- | indra/llinventory/llpermissions.cpp | 24 | ||||
-rw-r--r-- | indra/llinventory/llsaleinfo.cpp | 8 | ||||
-rw-r--r-- | indra/llmath/llvolume.cpp | 24 | ||||
-rw-r--r-- | indra/llmessage/llcachename.cpp | 16 | ||||
-rw-r--r-- | indra/mac_crash_logger/mac_crash_logger.cpp | 14 | ||||
-rw-r--r-- | indra/mac_updater/mac_updater.cpp | 3 | ||||
-rw-r--r-- | indra/newview/English.lproj/InfoPlist.strings | 4 | ||||
-rw-r--r-- | indra/newview/Info-SecondLife.plist | 2 | ||||
-rw-r--r-- | indra/newview/lldrawpoolbump.cpp | 3 | ||||
-rw-r--r-- | indra/newview/llinventorymodel.cpp | 3 | ||||
-rw-r--r-- | indra/newview/llmutelist.cpp | 4 | ||||
-rw-r--r-- | indra/newview/llviewerinventory.cpp | 5 | ||||
-rw-r--r-- | indra/newview/llviewerkeyboard.cpp | 3 | ||||
-rw-r--r-- | indra/newview/llviewermenu.cpp | 13 | ||||
-rw-r--r-- | indra/newview/llviewerobject.cpp | 3 | ||||
-rw-r--r-- | indra/newview/llwearable.cpp | 9 | ||||
-rw-r--r-- | indra/win_crash_logger/win_crash_logger.cpp | 6 |
21 files changed, 134 insertions, 63 deletions
diff --git a/indra/linux_crash_logger/linux_crash_logger.cpp b/indra/linux_crash_logger/linux_crash_logger.cpp index 2e7d6ef70d..12a513c136 100644 --- a/indra/linux_crash_logger/linux_crash_logger.cpp +++ b/indra/linux_crash_logger/linux_crash_logger.cpp @@ -219,10 +219,8 @@ int main(int argc, char **argv) db_filep = new LLFileEncoder("DB", db_file_name.c_str()); // Get the filename of the SecondLife.log file - // *TODO tofu - get right MAX_PATH. - // *FIX: What's up with this? This #define just can't be safe. -#define MAX_PATH PATH_MAX - char tmp_sl_name[MAX_PATH]; + // *NOTE: These buffer sizes are hardcoded into a scanf() below. + char tmp_sl_name[LL_MAX_PATH]; tmp_sl_name[0] = '\0'; char tmp_space[256]; tmp_space[0] = '\0'; @@ -232,7 +230,7 @@ int main(int argc, char **argv) { // This was originally scanning for "SL Log: %[^\r\n]", which happily skipped to the next line // on debug logs (which don't have anything after "SL Log:" and tried to open a nonsensical filename. - sscanf(db_filep->mBuf.c_str(), "SL Log:%[ ]%[^\r\n]", tmp_space, tmp_sl_name); + sscanf(db_filep->mBuf.c_str(), "SL Log:%255[ ]%1023[^\r\n]", tmp_space, tmp_sl_name); } else { diff --git a/indra/llcommon/lldefs.h b/indra/llcommon/lldefs.h index 63322effbe..45fb8b9f84 100644 --- a/indra/llcommon/lldefs.h +++ b/indra/llcommon/lldefs.h @@ -113,11 +113,22 @@ const U32 RIGHT_SIDE = 4; const U32 TOP_SIDE = 5; const U32 BOTTOM_SIDE = 6; + +// +// *NOTE: These values may be used as hard-coded numbers in scanf() variants. +// +// -------------- +// DO NOT CHANGE. +// -------------- +// const U32 LL_MAX_PATH = 1024; // buffer size of maximum path + filename string length // For strings we send in messages const U32 STD_STRING_BUF_SIZE = 255; // Buffer size const U32 STD_STRING_STR_LEN = 254; // Length of the string (not including \0) + +// *NOTE: This value is used as hard-coded numbers in scanf() variants. +// DO NOT CHANGE. const U32 MAX_STRING = STD_STRING_BUF_SIZE; // Buffer size const U32 MAXADDRSTR = 17; // 123.567.901.345 = 15 chars + \0 + 1 for good luck diff --git a/indra/llinventory/llinventory.cpp b/indra/llinventory/llinventory.cpp index bffc4df281..cad1371247 100644 --- a/indra/llinventory/llinventory.cpp +++ b/indra/llinventory/llinventory.cpp @@ -301,6 +301,8 @@ void LLInventoryObject::setType(LLAssetType::EType type) // virtual BOOL LLInventoryObject::importLegacyStream(std::istream& input_stream) { + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -339,7 +341,7 @@ BOOL LLInventoryObject::importLegacyStream(std::istream& input_stream) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %254s %[^|]", keyword, valuestr); + sscanf(buffer, " %254s %254[^|]", keyword, valuestr); mName.assign(valuestr); LLString::replaceNonstandardASCII(mName, ' '); LLString::replaceChar(mName, '|', ' '); @@ -662,6 +664,8 @@ BOOL LLInventoryItem::unpackMessage(LLMessageSystem* msg, const char* block, S32 // virtual BOOL LLInventoryItem::importFile(FILE* fp) { + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -750,7 +754,7 @@ BOOL LLInventoryItem::importFile(FILE* fp) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %254s%[\t]%[^|]", keyword, junk, valuestr); + sscanf(buffer, " %254s%254[\t]%254[^|]", keyword, junk, valuestr); // IW: sscanf chokes and puts | in valuestr if there's no name if (valuestr[0] == '|') @@ -766,7 +770,7 @@ BOOL LLInventoryItem::importFile(FILE* fp) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %s%[\t]%[^|]", keyword, junk, valuestr); + sscanf(buffer, " %254s%254[\t]%254[^|]", keyword, junk, valuestr); if (valuestr[0] == '|') { @@ -856,6 +860,8 @@ BOOL LLInventoryItem::exportFile(FILE* fp, BOOL include_asset_key) const // virtual BOOL LLInventoryItem::importLegacyStream(std::istream& input_stream) { + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -870,7 +876,7 @@ BOOL LLInventoryItem::importLegacyStream(std::istream& input_stream) while(success && input_stream.good()) { input_stream.getline(buffer, MAX_STRING); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %254s %254s", keyword, valuestr); if(!keyword) { continue; @@ -944,7 +950,7 @@ BOOL LLInventoryItem::importLegacyStream(std::istream& input_stream) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %s%[\t]%[^|]", keyword, junk, valuestr); + sscanf(buffer, " %254s%254[\t]%254[^|]", keyword, junk, valuestr); // IW: sscanf chokes and puts | in valuestr if there's no name if (valuestr[0] == '|') @@ -960,7 +966,7 @@ BOOL LLInventoryItem::importLegacyStream(std::istream& input_stream) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %s%[\t]%[^|]", keyword, junk, valuestr); + sscanf(buffer, " %254s%254[\t]%254[^|]", keyword, junk, valuestr); if (valuestr[0] == '|') { @@ -1503,6 +1509,8 @@ void LLInventoryCategory::unpackMessage(LLMessageSystem* msg, // virtual BOOL LLInventoryCategory::importFile(FILE* fp) { + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -1512,7 +1520,7 @@ BOOL LLInventoryCategory::importFile(FILE* fp) while(!feof(fp)) { fgets(buffer, MAX_STRING, fp); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %254s %254s", keyword, valuestr); if(!keyword) { continue; @@ -1545,7 +1553,7 @@ BOOL LLInventoryCategory::importFile(FILE* fp) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %s %[^|]", keyword, valuestr); + sscanf(buffer, " %254s %254[^|]", keyword, valuestr); mName.assign(valuestr); LLString::replaceNonstandardASCII(mName, ' '); LLString::replaceChar(mName, '|', ' '); @@ -1578,6 +1586,8 @@ BOOL LLInventoryCategory::exportFile(FILE* fp, BOOL) const // virtual BOOL LLInventoryCategory::importLegacyStream(std::istream& input_stream) { + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -1587,7 +1597,7 @@ BOOL LLInventoryCategory::importLegacyStream(std::istream& input_stream) while(input_stream.good()) { input_stream.getline(buffer, MAX_STRING); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %254s %254s", keyword, valuestr); if(!keyword) { continue; @@ -1620,7 +1630,7 @@ BOOL LLInventoryCategory::importLegacyStream(std::istream& input_stream) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %s %[^|]", keyword, valuestr); + sscanf(buffer, " %254s %254[^|]", keyword, valuestr); mName.assign(valuestr); LLString::replaceNonstandardASCII(mName, ' '); LLString::replaceChar(mName, '|', ' '); diff --git a/indra/llinventory/lllandmark.cpp b/indra/llinventory/lllandmark.cpp index a99bd42344..00d373cf02 100644 --- a/indra/llinventory/lllandmark.cpp +++ b/indra/llinventory/lllandmark.cpp @@ -119,10 +119,12 @@ LLLandmark* LLLandmark::constructFromString(const char *buffer) } else if(version == 2) { + // *NOTE: Changing the buffer size will require changing the + // scanf call below. char region_id_str[MAX_STRING]; LLVector3 pos; cur += chars_read; - count = sscanf(cur, "region_id %s\n%n", region_id_str, &chars_read); + count = sscanf(cur, "region_id %254s\n%n", region_id_str, &chars_read); if(count != 1) goto error; cur += chars_read; count = sscanf(cur, "local_pos %f %f %f\n%n", pos.mV+VX, pos.mV+VY, pos.mV+VZ, &chars_read); diff --git a/indra/llinventory/llpermissions.cpp b/indra/llinventory/llpermissions.cpp index 2063ac33d6..124ba4d634 100644 --- a/indra/llinventory/llpermissions.cpp +++ b/indra/llinventory/llpermissions.cpp @@ -492,6 +492,8 @@ BOOL LLPermissions::importFile(FILE *fp) init(LLUUID::null, LLUUID::null, LLUUID::null, LLUUID::null); const S32 BUFSIZE = 16384; + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[BUFSIZE]; char keyword[256]; char valuestr[256]; @@ -504,7 +506,7 @@ BOOL LLPermissions::importFile(FILE *fp) while (!feof(fp)) { fgets(buffer, BUFSIZE, fp); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %255s %255s", keyword, valuestr); if (!keyword) { continue; @@ -552,22 +554,22 @@ BOOL LLPermissions::importFile(FILE *fp) } else if (!strcmp("creator_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mCreator.set(uuid_str); } else if (!strcmp("owner_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mOwner.set(uuid_str); } else if (!strcmp("last_owner_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mLastOwner.set(uuid_str); } else if (!strcmp("group_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mGroup.set(uuid_str); } else if (!strcmp("group_owned", keyword)) @@ -625,6 +627,8 @@ BOOL LLPermissions::importLegacyStream(std::istream& input_stream) init(LLUUID::null, LLUUID::null, LLUUID::null, LLUUID::null); const S32 BUFSIZE = 16384; + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[BUFSIZE]; char keyword[256]; char valuestr[256]; @@ -637,7 +641,7 @@ BOOL LLPermissions::importLegacyStream(std::istream& input_stream) while (input_stream.good()) { input_stream.getline(buffer, BUFSIZE); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %255s %255s", keyword, valuestr); if (!keyword) { continue; @@ -685,22 +689,22 @@ BOOL LLPermissions::importLegacyStream(std::istream& input_stream) } else if (!strcmp("creator_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mCreator.set(uuid_str); } else if (!strcmp("owner_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mOwner.set(uuid_str); } else if (!strcmp("last_owner_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mLastOwner.set(uuid_str); } else if (!strcmp("group_id", keyword)) { - sscanf(valuestr, "%s", uuid_str); + sscanf(valuestr, "%255s", uuid_str); mGroup.set(uuid_str); } else if (!strcmp("group_owned", keyword)) diff --git a/indra/llinventory/llsaleinfo.cpp b/indra/llinventory/llsaleinfo.cpp index 7e2b293d42..2bfac4d3e7 100644 --- a/indra/llinventory/llsaleinfo.cpp +++ b/indra/llinventory/llsaleinfo.cpp @@ -139,6 +139,8 @@ BOOL LLSaleInfo::importFile(FILE* fp, BOOL& has_perm_mask, U32& perm_mask) { has_perm_mask = FALSE; + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -149,7 +151,7 @@ BOOL LLSaleInfo::importFile(FILE* fp, BOOL& has_perm_mask, U32& perm_mask) while(success && (!feof(fp))) { fgets(buffer, MAX_STRING, fp); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %254s %254s", keyword, valuestr); if(!keyword) { continue; @@ -190,6 +192,8 @@ BOOL LLSaleInfo::importLegacyStream(std::istream& input_stream, BOOL& has_perm_m { has_perm_mask = FALSE; + // *NOTE: Changing the buffer size will require changing the scanf + // calls below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -200,7 +204,7 @@ BOOL LLSaleInfo::importLegacyStream(std::istream& input_stream, BOOL& has_perm_m while(success && input_stream.good()) { input_stream.getline(buffer, MAX_STRING); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %254s %254s", keyword, valuestr); if(!keyword) { continue; diff --git a/indra/llmath/llvolume.cpp b/indra/llmath/llvolume.cpp index da2dbf23c3..0f8adb2f5c 100644 --- a/indra/llmath/llvolume.cpp +++ b/indra/llmath/llvolume.cpp @@ -706,6 +706,8 @@ BOOL LLProfileParams::importFile(FILE *fp) { const S32 BUFSIZE = 16384; char buffer[BUFSIZE]; + // *NOTE: changing the size or type of these buffers will require + // changing the sscanf below. char keyword[256]; char valuestr[256]; keyword[0] = 0; @@ -716,7 +718,7 @@ BOOL LLProfileParams::importFile(FILE *fp) while (!feof(fp)) { fgets(buffer, BUFSIZE, fp); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %255s %255s", keyword, valuestr); if (!keyword) { continue; @@ -776,6 +778,8 @@ BOOL LLProfileParams::importLegacyStream(std::istream& input_stream) { const S32 BUFSIZE = 16384; char buffer[BUFSIZE]; + // *NOTE: changing the size or type of these buffers will require + // changing the sscanf below. char keyword[256]; char valuestr[256]; keyword[0] = 0; @@ -786,7 +790,7 @@ BOOL LLProfileParams::importLegacyStream(std::istream& input_stream) while (input_stream.good()) { input_stream.getline(buffer, BUFSIZE); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %255s %255s", keyword, valuestr); if (!keyword) { continue; @@ -1196,6 +1200,8 @@ BOOL LLPathParams::importFile(FILE *fp) { const S32 BUFSIZE = 16384; char buffer[BUFSIZE]; + // *NOTE: changing the size or type of these buffers will require + // changing the sscanf below. char keyword[256]; char valuestr[256]; keyword[0] = 0; @@ -1208,7 +1214,7 @@ BOOL LLPathParams::importFile(FILE *fp) while (!feof(fp)) { fgets(buffer, BUFSIZE, fp); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %255s %255s", keyword, valuestr); if (!keyword) { continue; @@ -1335,6 +1341,8 @@ BOOL LLPathParams::importLegacyStream(std::istream& input_stream) { const S32 BUFSIZE = 16384; char buffer[BUFSIZE]; + // *NOTE: changing the size or type of these buffers will require + // changing the sscanf below. char keyword[256]; char valuestr[256]; keyword[0] = 0; @@ -1347,7 +1355,7 @@ BOOL LLPathParams::importLegacyStream(std::istream& input_stream) while (input_stream.good()) { input_stream.getline(buffer, BUFSIZE); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %255s %255s", keyword, valuestr); if (!keyword) { continue; @@ -3321,13 +3329,15 @@ BOOL LLVolumeParams::importFile(FILE *fp) //llinfos << "importing volume" << llendl; const S32 BUFSIZE = 16384; char buffer[BUFSIZE]; + // *NOTE: changing the size or type of this buffer will require + // changing the sscanf below. char keyword[256]; keyword[0] = 0; while (!feof(fp)) { fgets(buffer, BUFSIZE, fp); - sscanf(buffer, " %s", keyword); + sscanf(buffer, " %255s", keyword); if (!keyword) { continue; @@ -3372,6 +3382,8 @@ BOOL LLVolumeParams::importLegacyStream(std::istream& input_stream) { //llinfos << "importing volume" << llendl; const S32 BUFSIZE = 16384; + // *NOTE: changing the size or type of this buffer will require + // changing the sscanf below. char buffer[BUFSIZE]; char keyword[256]; keyword[0] = 0; @@ -3379,7 +3391,7 @@ BOOL LLVolumeParams::importLegacyStream(std::istream& input_stream) while (input_stream.good()) { input_stream.getline(buffer, BUFSIZE); - sscanf(buffer, " %s", keyword); + sscanf(buffer, " %255s", keyword); if (!keyword) { continue; diff --git a/indra/llmessage/llcachename.cpp b/indra/llmessage/llcachename.cpp index e5bc3814f6..2232e8642b 100644 --- a/indra/llmessage/llcachename.cpp +++ b/indra/llmessage/llcachename.cpp @@ -265,6 +265,7 @@ void LLCacheName::importFile(FILE* fp) const S32 BUFFER_SIZE = 1024; char buffer[BUFFER_SIZE]; /*Flawfinder: ignore*/ + // *NOTE: These buffer sizes are hardcoded into sscanf() below char id_string[MAX_STRING]; /*Flawfinder: ignore*/ char firstname[MAX_STRING]; /*Flawfinder: ignore*/ char lastname[MAX_STRING]; /*Flawfinder: ignore*/ @@ -274,9 +275,10 @@ void LLCacheName::importFile(FILE* fp) char* valid = fgets(buffer, BUFFER_SIZE, fp); if (!valid) return; + // *NOTE: This buffer size is hardcoded into sscanf() below char version_string[BUFFER_SIZE]; /*Flawfinder: ignore*/ S32 version = 0; - S32 match = sscanf(buffer, "%s %d", version_string, &version); // XXXTBD + S32 match = sscanf(buffer, "%1023s %d", version_string, &version); if ( match != 2 || strcmp(version_string, "version") || version != CN_FILE_VERSION) @@ -295,11 +297,13 @@ void LLCacheName::importFile(FILE* fp) valid = fgets(buffer, BUFFER_SIZE, fp); if (!valid) break; - match = sscanf(buffer, "%s %u %s %s", // XXXTBD - id_string, - &create_time, - firstname, - lastname); + match = sscanf( + buffer, + "%254s %u %254s %254s", + id_string, + &create_time, + firstname, + lastname); if (4 != match) continue; LLUUID id(id_string); diff --git a/indra/mac_crash_logger/mac_crash_logger.cpp b/indra/mac_crash_logger/mac_crash_logger.cpp index 5e6d9ba2f0..abf8c4f038 100644 --- a/indra/mac_crash_logger/mac_crash_logger.cpp +++ b/indra/mac_crash_logger/mac_crash_logger.cpp @@ -311,9 +311,13 @@ int main(int argc, char **argv) db_filep = new LLFileEncoder("DB", db_file_name.c_str()); // Get the filename of the SecondLife.log file - char tmp_sl_name[MAX_PATH]; + + // *NOTE: changing the size of either of these buffers will + // require changing the sscanf() format string to correctly + // account for it. + char tmp_sl_name[LL_MAX_PATH]; tmp_sl_name[0] = '\0'; - char tmp_space[256]; + char tmp_space[MAX_STRING]; tmp_space[0] = '\0'; // Look for it in the debug_info.log file @@ -321,7 +325,11 @@ int main(int argc, char **argv) { // This was originally scanning for "SL Log: %[^\r\n]", which happily skipped to the next line // on debug logs (which don't have anything after "SL Log:" and tried to open a nonsensical filename. - sscanf(db_filep->mBuf.c_str(), "SL Log:%[ ]%[^\r\n]", tmp_space, tmp_sl_name); + sscanf( + db_filep->mBuf.c_str(), + "SL Log:%254[ ]%1023[^\r\n]", + tmp_space, + tmp_sl_name); } else { diff --git a/indra/mac_updater/mac_updater.cpp b/indra/mac_updater/mac_updater.cpp index df054fb94a..76c88bec5c 100644 --- a/indra/mac_updater/mac_updater.cpp +++ b/indra/mac_updater/mac_updater.cpp @@ -594,6 +594,7 @@ void *updatethreadproc(void*) char tempDir[PATH_MAX] = ""; FSRef tempDirRef; char temp[PATH_MAX]; + // *NOTE: This buffer length is used in a scanf() below. char deviceNode[1024] = ""; FILE *downloadFile = NULL; OSStatus err; @@ -918,7 +919,7 @@ void *updatethreadproc(void*) if(sub != NULL) { sub += strlen(prefix); - sscanf(sub, "%s", deviceNode); + sscanf(sub, "%1023s", deviceNode); } } diff --git a/indra/newview/English.lproj/InfoPlist.strings b/indra/newview/English.lproj/InfoPlist.strings index ccb92f9fba..2df618fdd7 100644 --- a/indra/newview/English.lproj/InfoPlist.strings +++ b/indra/newview/English.lproj/InfoPlist.strings @@ -1,5 +1,5 @@ /* Localized versions of Info.plist keys */ CFBundleName = "Second Life"; -CFBundleShortVersionString = "Second Life version 1.13.2.11"; -CFBundleGetInfoString = "Second Life version 1.13.2.11, Copyright 2004-2006 Linden Research, Inc."; +CFBundleShortVersionString = "Second Life version 1.13.2.13"; +CFBundleGetInfoString = "Second Life version 1.13.2.13, Copyright 2004-2006 Linden Research, Inc."; diff --git a/indra/newview/Info-SecondLife.plist b/indra/newview/Info-SecondLife.plist index 458c5e1b7d..9a935e20a0 100644 --- a/indra/newview/Info-SecondLife.plist +++ b/indra/newview/Info-SecondLife.plist @@ -32,7 +32,7 @@ </dict> </array> <key>CFBundleVersion</key> - <string>1.13.2.11</string> + <string>1.13.2.13</string> <key>CSResourcesFileMapped</key> <true/> </dict> diff --git a/indra/newview/lldrawpoolbump.cpp b/indra/newview/lldrawpoolbump.cpp index b9d1cb17a0..c1be103b68 100644 --- a/indra/newview/lldrawpoolbump.cpp +++ b/indra/newview/lldrawpoolbump.cpp @@ -94,9 +94,10 @@ void LLStandardBumpmap::restoreGL() while( !feof(file) && (LLStandardBumpmap::sStandardBumpmapCount < (U32)TEM_BUMPMAP_COUNT) ) { + // *NOTE: This buffer size is hard coded into scanf() below. char label[2048] = ""; char bump_file[2048] = ""; - fields_read = fscanf( file, "\n%s %s", label, bump_file); + fields_read = fscanf( file, "\n%2047s %2047s", label, bump_file); if( EOF == fields_read ) { break; diff --git a/indra/newview/llinventorymodel.cpp b/indra/newview/llinventorymodel.cpp index cf9ae97b5f..0392b38aec 100644 --- a/indra/newview/llinventorymodel.cpp +++ b/indra/newview/llinventorymodel.cpp @@ -1947,11 +1947,12 @@ bool LLInventoryModel::loadFromFile( llinfos << "unable to load inventory from: " << filename << llendl; return false; } + // *NOTE: This buffer size is hard coded into scanf() below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; while(!feof(file) && fgets(buffer, MAX_STRING, file)) { - sscanf(buffer, " %s", keyword); + sscanf(buffer, " %254s", keyword); if(0 == strcmp("inv_category", keyword)) { LLPointer<LLViewerInventoryCategory> inv_cat = new LLViewerInventoryCategory(LLUUID::null); diff --git a/indra/newview/llmutelist.cpp b/indra/newview/llmutelist.cpp index fc8ac0a372..53b7bf80f7 100644 --- a/indra/newview/llmutelist.cpp +++ b/indra/newview/llmutelist.cpp @@ -344,6 +344,8 @@ BOOL LLMuteList::loadFromFile(const LLString& filename) return FALSE; } + // *NOTE: Changing the size of these buffers will require changes + // in the scanf below. char id_buffer[MAX_STRING]; char name_buffer[MAX_STRING]; char buffer[MAX_STRING]; @@ -353,7 +355,7 @@ BOOL LLMuteList::loadFromFile(const LLString& filename) id_buffer[0] = '\0'; name_buffer[0] = '\0'; S32 type = 0; - sscanf(buffer, " %d %s %[^|]", &type, id_buffer, name_buffer); + sscanf(buffer, " %d %254s %254[^|]", &type, id_buffer, name_buffer); LLUUID id = LLUUID(id_buffer); LLMute mute(id, name_buffer, (LLMute::EType)type); if (mute.mID.isNull() diff --git a/indra/newview/llviewerinventory.cpp b/indra/newview/llviewerinventory.cpp index 9c2638362e..24c230a387 100644 --- a/indra/newview/llviewerinventory.cpp +++ b/indra/newview/llviewerinventory.cpp @@ -430,6 +430,7 @@ bool LLViewerInventoryCategory::fetchDescendents() bool LLViewerInventoryCategory::importFileLocal(FILE* fp) { + // *NOTE: This buffer size is hard coded into scanf() below. char buffer[MAX_STRING]; char keyword[MAX_STRING]; char valuestr[MAX_STRING]; @@ -439,7 +440,7 @@ bool LLViewerInventoryCategory::importFileLocal(FILE* fp) while(!feof(fp)) { fgets(buffer, MAX_STRING, fp); - sscanf(buffer, " %s %s", keyword, valuestr); + sscanf(buffer, " %254s %254s", keyword, valuestr); if(!keyword) { continue; @@ -472,7 +473,7 @@ bool LLViewerInventoryCategory::importFileLocal(FILE* fp) { //strcpy(valuestr, buffer + strlen(keyword) + 3); // *NOTE: Not ANSI C, but widely supported. - sscanf(buffer, " %s %[^|]", keyword, valuestr); + sscanf(buffer, " %254s %254[^|]", keyword, valuestr); mName.assign(valuestr); LLString::replaceNonstandardASCII(mName, ' '); LLString::replaceChar(mName, '|', ' '); diff --git a/indra/newview/llviewerkeyboard.cpp b/indra/newview/llviewerkeyboard.cpp index 8f31f1192a..714087e701 100644 --- a/indra/newview/llviewerkeyboard.cpp +++ b/indra/newview/llviewerkeyboard.cpp @@ -685,6 +685,7 @@ S32 LLViewerKeyboard::loadBindings(const char *filename) FILE *fp; const S32 BUFFER_SIZE = 2048; char buffer[BUFFER_SIZE]; + // *NOTE: This buffer size is hard coded into scanf() below. char mode_string[MAX_STRING]; char key_string[MAX_STRING]; char mask_string[MAX_STRING]; @@ -714,7 +715,7 @@ S32 LLViewerKeyboard::loadBindings(const char *filename) if (buffer[0] == '#' || buffer[0] == '\n') continue; // grab the binding strings - tokens_read = sscanf(buffer, "%s %s %s %s", mode_string, key_string, mask_string, function_string); + tokens_read = sscanf(buffer, "%254s %254s %254s %254s", mode_string, key_string, mask_string, function_string); if (tokens_read == EOF) { diff --git a/indra/newview/llviewermenu.cpp b/indra/newview/llviewermenu.cpp index 5ce64156a0..b2889f961a 100644 --- a/indra/newview/llviewermenu.cpp +++ b/indra/newview/llviewermenu.cpp @@ -3946,6 +3946,7 @@ void force_import_geometry(void*) child = root->getNextNamedChild()) { // get object data + // *NOTE: This buffer size is hard coded into scanf() below. char name[255]; // Shape char description[255]; // Description U32 material; // Material @@ -3978,9 +3979,9 @@ void force_import_geometry(void*) child->getAttributeString("PCode", &attribute); pcode = atoi(attribute.c_str()); child->getAttributeString("Shape", &attribute); - sscanf(attribute.c_str(), "%s", name); + sscanf(attribute.c_str(), "%254s", name); child->getAttributeString("Description", &attribute); - sscanf(attribute.c_str(), "%s", description); + sscanf(attribute.c_str(), "%254s", description); child->getAttributeString("Material", &attribute); material = atoi(attribute.c_str()); child->getAttributeString("Scale", &attribute); @@ -4060,6 +4061,7 @@ void force_import_geometry(void*) // read the faces U32 facenumber; LLColor4 color; + // *NOTE: This buffer size is hard coded into scanf() below. char texture[UUID_STR_LENGTH]; LLUUID texid; texid.toString(texture); @@ -4070,7 +4072,7 @@ void force_import_geometry(void*) face->getAttributeString("FaceColor", &attribute); sscanf(attribute, "%d %f %f %f %f", &facenumber, &color.mV[VX], &color.mV[VY], &color.mV[VZ], &color.mV[VW]); face->getAttributeString("Face", &attribute); - sscanf(attribute, "%d %f %f %f %f %f %d %s", &facenumber, &sx, &sy, &ox, &oy, &rot, &bump, texture); + sscanf(attribute, "%d %f %f %f %f %f %d %36s", &facenumber, &sx, &sy, &ox, &oy, &rot, &bump, texture); texid.set(texture); te.setColor(color); te.setBumpShinyFullbright(bump); @@ -5487,7 +5489,8 @@ void upload_new_resource(const LLString& src_filename, std::string name, if (fscanf(in, "LindenResource\nversion %d\n", &version)) { if (2 == version) - { + { + // *NOTE: This buffer size is hard coded into scanf() below. char label[MAX_STRING]; char value[MAX_STRING]; S32 tokens_read; @@ -5495,7 +5498,7 @@ void upload_new_resource(const LLString& src_filename, std::string name, { label[0] = '\0'; value[0] = '\0'; - tokens_read = sscanf(buf, "%s %s\n", label, value); + tokens_read = sscanf(buf, "%254s %254s\n", label, value); llinfos << "got: " << label << " = " << value << llendl; diff --git a/indra/newview/llviewerobject.cpp b/indra/newview/llviewerobject.cpp index 0d1910429e..0f1479af68 100644 --- a/indra/newview/llviewerobject.cpp +++ b/indra/newview/llviewerobject.cpp @@ -2377,6 +2377,7 @@ void LLViewerObject::loadTaskInvFile(const char* filename) if(ifs.good()) { char buffer[MAX_STRING]; + // *NOTE: This buffer size is hard coded into scanf() below. char keyword[MAX_STRING]; if(mInventory) { @@ -2389,7 +2390,7 @@ void LLViewerObject::loadTaskInvFile(const char* filename) while(ifs.good()) { ifs.getline(buffer, MAX_STRING); - sscanf(buffer, " %s", keyword); + sscanf(buffer, " %254s", keyword); if(0 == strcmp("inv_item", keyword)) { LLPointer<LLInventoryObject> inv = new LLViewerInventoryItem; diff --git a/indra/newview/llwearable.cpp b/indra/newview/llwearable.cpp index ebe3c69c5c..4fe8a4b98e 100644 --- a/indra/newview/llwearable.cpp +++ b/indra/newview/llwearable.cpp @@ -246,6 +246,9 @@ BOOL LLWearable::exportFile( FILE* file ) BOOL LLWearable::importFile( FILE* file ) { + // *NOTE: changing the type or size of this buffer will require + // changes in the fscanf() code below. You would be better off + // rewriting this to use streams and not require an open FILE. char text_buffer[2048]; S32 fields_read = 0; @@ -276,7 +279,7 @@ BOOL LLWearable::importFile( FILE* file ) else { ungetc( next_char, file ); - fields_read = fscanf( file, "%[^\n]", text_buffer ); + fields_read = fscanf( file, "%2047[^\n]", text_buffer ); if( (1 != fields_read) || (fgetc( file ) != '\n') ) { llwarns << "Bad Wearable asset: early end of file" << llendl; @@ -296,7 +299,7 @@ BOOL LLWearable::importFile( FILE* file ) else { ungetc( next_char, file ); - fields_read = fscanf( file, "%[^\n]", text_buffer ); + fields_read = fscanf( file, "%2047[^\n]", text_buffer ); if( (1 != fields_read) || (fgetc( file ) != '\n') ) { llwarns << "Bad Wearable asset: early end of file" << llendl; @@ -403,7 +406,7 @@ BOOL LLWearable::importFile( FILE* file ) for( i = 0; i < num_textures; i++ ) { S32 te = 0; - fields_read = fscanf( file, "%d %s\n", &te, text_buffer); + fields_read = fscanf( file, "%d %2047s\n", &te, text_buffer); if( fields_read != 2 ) { llwarns << "Bad Wearable asset: bad texture, #" << i << llendl; diff --git a/indra/win_crash_logger/win_crash_logger.cpp b/indra/win_crash_logger/win_crash_logger.cpp index decb70d822..fde3bdf7ba 100644 --- a/indra/win_crash_logger/win_crash_logger.cpp +++ b/indra/win_crash_logger/win_crash_logger.cpp @@ -477,6 +477,7 @@ void send_crash_report() db_filep = new LLFileEncoder("DB", db_file_name.c_str()); // Get the filename of the SecondLife.log file + // *NOTE: This buffer size is hard coded into scanf() below. char tmp_sl_name[256]; tmp_sl_name[0] = '\0'; @@ -487,7 +488,10 @@ void send_crash_report() // Look for it in the debug_info.log file if (db_filep->isValid()) { - sscanf((const char *)db_filep->mBuf, "SL Log: %[^\r\n]", tmp_sl_name); + sscanf( + (const char*)db_filep->mBuf, + "SL Log: %255[^\r\n]", + tmp_sl_name); } else { |