(svn r26489) -Codechange: properly account for the end of buffers in the file io code instead of assuming MAX_PATH is okay

src/fileio.cpp

@@ -344,30 +344,30 @@ void FioFCloseFile(FILE *f)
 	fclose(f);
 }
 
-char *FioGetFullPath(char *buf, size_t buflen, Searchpath sp, Subdirectory subdir, const char *filename)
+char *FioGetFullPath(char *buf, const char *last, Searchpath sp, Subdirectory subdir, const char *filename)
 {
 	assert(subdir < NUM_SUBDIRS);
 	assert(sp < NUM_SEARCHPATHS);
 
-	snprintf(buf, buflen, "%s%s%s", _searchpaths[sp], _subdirs[subdir], filename);
+	seprintf(buf, last, "%s%s%s", _searchpaths[sp], _subdirs[subdir], filename);
 	return buf;
 }
 
 /**
  * Find a path to the filename in one of the search directories.
  * @param buf [out] Destination buffer for the path.
- * @param buflen Length of the destination buffer.
+ * @param last End of the destination buffer.
  * @param subdir Subdirectory to try.
  * @param filename Filename to look for.
  * @return \a buf containing the path if the path was found, else \c NULL.
  */
-char *FioFindFullPath(char *buf, size_t buflen, Subdirectory subdir, const char *filename)
+char *FioFindFullPath(char *buf, const char *last, Subdirectory subdir, const char *filename)
 {
 	Searchpath sp;
 	assert(subdir < NUM_SUBDIRS);
 
 	FOR_ALL_SEARCHPATHS(sp) {
-		FioGetFullPath(buf, buflen, sp, subdir, filename);
+		FioGetFullPath(buf, last, sp, subdir, filename);
 		if (FileExists(buf)) return buf;
 #if !defined(WIN32)
 		/* Be, as opening files, aware that sometimes the filename
@@ -380,27 +380,27 @@ char *FioFindFullPath(char *buf, size_t buflen, Subdirectory subdir, const char
 	return NULL;
 }
 
-char *FioAppendDirectory(char *buf, size_t buflen, Searchpath sp, Subdirectory subdir)
+char *FioAppendDirectory(char *buf, const char *last, Searchpath sp, Subdirectory subdir)
 {
 	assert(subdir < NUM_SUBDIRS);
 	assert(sp < NUM_SEARCHPATHS);
 
-	snprintf(buf, buflen, "%s%s", _searchpaths[sp], _subdirs[subdir]);
+	seprintf(buf, last, "%s%s", _searchpaths[sp], _subdirs[subdir]);
 	return buf;
 }
 
-char *FioGetDirectory(char *buf, size_t buflen, Subdirectory subdir)
+char *FioGetDirectory(char *buf, const char *last, Subdirectory subdir)
 {
 	Searchpath sp;
 
 	/* Find and return the first valid directory */
 	FOR_ALL_SEARCHPATHS(sp) {
-		char *ret = FioAppendDirectory(buf, buflen, sp, subdir);
+		char *ret = FioAppendDirectory(buf, last, sp, subdir);
 		if (FileExists(buf)) return ret;
 	}
 
 	/* Could not find the directory, fall back to a base path */
-	strecpy(buf, _personal_dir, &buf[buflen - 1]);
+	strecpy(buf, _personal_dir, last);
 
 	return buf;
 }
@@ -421,7 +421,7 @@ static FILE *FioFOpenFileSp(const char *filename, const char *mode, Searchpath s
 	if (subdir == NO_DIRECTORY) {
 		strecpy(buf, filename, lastof(buf));
 	} else {
-		snprintf(buf, lengthof(buf), "%s%s%s", _searchpaths[sp], _subdirs[subdir], filename);
+		seprintf(buf, lastof(buf), "%s%s%s", _searchpaths[sp], _subdirs[subdir], filename);
 	}
 
 #if defined(WIN32)
@@ -566,20 +566,19 @@ static void FioCreateDirectory(const char *name)
 /**
  * Appends, if necessary, the path separator character to the end of the string.
  * It does not add the path separator to zero-sized strings.
- * @param buf    string to append the separator to
- * @param buflen the length of \a buf.
+ * @param buf  string to append the separator to
+ * @param last the last element of \a buf.
  * @return true iff the operation succeeded
  */
-bool AppendPathSeparator(char *buf, size_t buflen)
+bool AppendPathSeparator(char *buf, const char *last)
 {
 	size_t s = strlen(buf);
 
 	/* Length of string + path separator + '\0' */
 	if (s != 0 && buf[s - 1] != PATHSEPCHAR) {
-		if (s + 2 >= buflen) return false;
+		if (&buf[s] >= last) return false;
 
-		buf[s]     = PATHSEPCHAR;
-		buf[s + 1] = '\0';
+		seprintf(buf + s, last, "%c", PATHSEPCHAR);
 	}
 
 	return true;
@@ -603,10 +602,10 @@ char *BuildWithFullPath(const char *dir)
 	/* Add absolute path */
 	if (s == NULL || dest != s) {
 		if (getcwd(dest, MAX_PATH) == NULL) *dest = '\0';
-		AppendPathSeparator(dest, MAX_PATH);
+		AppendPathSeparator(dest, last);
 		strecat(dest, dir, last);
 	}
-	AppendPathSeparator(dest, MAX_PATH);
+	AppendPathSeparator(dest, last);
 
 	return dest;
 }
@@ -1073,8 +1072,8 @@ bool DoScanWorkingDirectory()
 	if (_searchpaths[SP_PERSONAL_DIR] == NULL) return true;
 
 	char tmp[MAX_PATH];
-	snprintf(tmp, lengthof(tmp), "%s%s", _searchpaths[SP_WORKING_DIR], PERSONAL_DIR);
-	AppendPathSeparator(tmp, MAX_PATH);
+	seprintf(tmp, lastof(tmp), "%s%s", _searchpaths[SP_WORKING_DIR], PERSONAL_DIR);
+	AppendPathSeparator(tmp, lastof(tmp));
 	return strcmp(tmp, _searchpaths[SP_PERSONAL_DIR]) != 0;
 }
 
@@ -1087,11 +1086,11 @@ void DetermineBasePaths(const char *exe)
 	char tmp[MAX_PATH];
 #if defined(WITH_XDG_BASEDIR) && defined(WITH_PERSONAL_DIR)
 	const char *xdg_data_home = xdgDataHome(NULL);
-	snprintf(tmp, MAX_PATH, "%s" PATHSEP "%s", xdg_data_home,
+	seprintf(tmp, lastof(tmp), "%s" PATHSEP "%s", xdg_data_home,
 			PERSONAL_DIR[0] == '.' ? &PERSONAL_DIR[1] : PERSONAL_DIR);
 	free(xdg_data_home);
 
-	AppendPathSeparator(tmp, MAX_PATH);
+	AppendPathSeparator(tmp, lastof(tmp));
 	_searchpaths[SP_PERSONAL_DIR_XDG] = strdup(tmp);
 #endif
 #if defined(__MORPHOS__) || defined(__AMIGA__) || defined(DOS) || defined(OS2) || !defined(WITH_PERSONAL_DIR)
@@ -1119,8 +1118,8 @@ void DetermineBasePaths(const char *exe)
 
 	if (homedir != NULL) {
 		ValidateString(homedir);
-		snprintf(tmp, MAX_PATH, "%s" PATHSEP "%s", homedir, PERSONAL_DIR);
-		AppendPathSeparator(tmp, MAX_PATH);
+		seprintf(tmp, lastof(tmp), "%s" PATHSEP "%s", homedir, PERSONAL_DIR);
+		AppendPathSeparator(tmp, lastof(tmp));
 
 		_searchpaths[SP_PERSONAL_DIR] = strdup(tmp);
 		free(homedir);
@@ -1130,8 +1129,8 @@ void DetermineBasePaths(const char *exe)
 #endif
 
 #if defined(WITH_SHARED_DIR)
-	snprintf(tmp, MAX_PATH, "%s", SHARED_DIR);
-	AppendPathSeparator(tmp, MAX_PATH);
+	seprintf(tmp, lastof(tmp), "%s", SHARED_DIR);
+	AppendPathSeparator(tmp, lastof(tmp));
 	_searchpaths[SP_SHARED_DIR] = strdup(tmp);
 #else
 	_searchpaths[SP_SHARED_DIR] = NULL;
@@ -1141,7 +1140,7 @@ void DetermineBasePaths(const char *exe)
 	_searchpaths[SP_WORKING_DIR] = NULL;
 #else
 	if (getcwd(tmp, MAX_PATH) == NULL) *tmp = '\0';
-	AppendPathSeparator(tmp, MAX_PATH);
+	AppendPathSeparator(tmp, lastof(tmp));
 	_searchpaths[SP_WORKING_DIR] = strdup(tmp);
 #endif
 
@@ -1150,7 +1149,7 @@ void DetermineBasePaths(const char *exe)
 	/* Change the working directory to that one of the executable */
 	if (ChangeWorkingDirectoryToExecutable(exe)) {
 		if (getcwd(tmp, MAX_PATH) == NULL) *tmp = '\0';
-		AppendPathSeparator(tmp, MAX_PATH);
+		AppendPathSeparator(tmp, lastof(tmp));
 		_searchpaths[SP_BINARY_DIR] = strdup(tmp);
 	} else {
 		_searchpaths[SP_BINARY_DIR] = NULL;
@@ -1166,8 +1165,8 @@ void DetermineBasePaths(const char *exe)
 #if defined(__MORPHOS__) || defined(__AMIGA__) || defined(DOS) || defined(OS2)
 	_searchpaths[SP_INSTALLATION_DIR] = NULL;
 #else
-	snprintf(tmp, MAX_PATH, "%s", GLOBAL_DATA_DIR);
-	AppendPathSeparator(tmp, MAX_PATH);
+	seprintf(tmp, lastof(tmp), "%s", GLOBAL_DATA_DIR);
+	AppendPathSeparator(tmp, lastof(tmp));
 	_searchpaths[SP_INSTALLATION_DIR] = strdup(tmp);
 #endif
 #ifdef WITH_COCOA
@@ -1195,11 +1194,11 @@ void DeterminePaths(const char *exe)
 	char config_home[MAX_PATH];
 
 	const char *xdg_config_home = xdgConfigHome(NULL);
-	snprintf(config_home, MAX_PATH, "%s" PATHSEP "%s", xdg_config_home,
+	seprintf(config_home, lastof(config_home), "%s" PATHSEP "%s", xdg_config_home,
 			PERSONAL_DIR[0] == '.' ? &PERSONAL_DIR[1] : PERSONAL_DIR);
 	free(xdg_config_home);
 
-	AppendPathSeparator(config_home, MAX_PATH);
+	AppendPathSeparator(config_home, lastof(config_home));
 #endif
 
 	Searchpath sp;
@@ -1219,7 +1218,7 @@ void DeterminePaths(const char *exe)
 		}
 	} else {
 		char personal_dir[MAX_PATH];
-		if (FioFindFullPath(personal_dir, lengthof(personal_dir), BASE_DIR, "openttd.cfg") != NULL) {
+		if (FioFindFullPath(personal_dir, lastof(personal_dir), BASE_DIR, "openttd.cfg") != NULL) {
 			char *end = strrchr(personal_dir, PATHSEPCHAR);
 			if (end != NULL) end[1] = '\0';
 			config_dir = strdup(personal_dir);
@@ -1400,13 +1399,13 @@ static uint ScanPath(FileScanner *fs, const char *extension, const char *path, s
 
 		if (!FiosIsValidFile(path, dirent, &sb)) continue;
 
-		snprintf(filename, lengthof(filename), "%s%s", path, d_name);
+		seprintf(filename, lastof(filename), "%s%s", path, d_name);
 
 		if (S_ISDIR(sb.st_mode)) {
 			/* Directory */
 			if (!recursive) continue;
 			if (strcmp(d_name, ".") == 0 || strcmp(d_name, "..") == 0) continue;
-			if (!AppendPathSeparator(filename, lengthof(filename))) continue;
+			if (!AppendPathSeparator(filename, lastof(filename))) continue;
 			num += ScanPath(fs, extension, filename, basepath_length, recursive);
 		} else if (S_ISREG(sb.st_mode)) {
 			/* File */
@@ -1457,7 +1456,7 @@ uint FileScanner::Scan(const char *extension, Subdirectory sd, bool tars, bool r
 		/* Don't search in the working directory */
 		if (sp == SP_WORKING_DIR && !_do_scan_working_directory) continue;
 
-		FioAppendDirectory(path, MAX_PATH, sp, sd);
+		FioAppendDirectory(path, lastof(path), sp, sd);
 		num += ScanPath(this, extension, path, strlen(path), recursive);
 	}
 
@@ -1493,6 +1492,6 @@ uint FileScanner::Scan(const char *extension, const char *directory, bool recurs
 {
 	char path[MAX_PATH];
 	strecpy(path, directory, lastof(path));
-	if (!AppendPathSeparator(path, lengthof(path))) return 0;
+	if (!AppendPathSeparator(path, lastof(path))) return 0;
 	return ScanPath(this, extension, path, strlen(path), recursive);
 }