Comments (2)
I took a look through the code, 99% of the use of char arrays is using them as byte buffers for things like images, or fixed size data structures like those used in network transport. These aren't really "string" operations they are just using byte buffers.
There are only place I can see that could be changed to use std::string since they are doing text processing is in curses_wraper.h.
inline int pd_waddstr(WINDOW* w, const char* str) {
return waddstr(w, std::string(str).c_str());
}
maybe you could also do the temp buffer for the downloaded world, but I'm not sure that's going to save you anything much since it's treated like a byte buffer (for compression and stuff).
There just doesn't seem to be much C style text manipulation going on where buffer overruns could happen.
from bzflag.
One of the bugs in our current implementation of pd_waddstr()
is that we don't check for new
failure, which would cause a segfault. The above rewrite would fix that bug, is easier to read, and only needs a brief comment explaining why pd_waddstr()
exists to exemplify maintainable code.
I have found no buffer overflows in our code, but each use of a character array for a string carries a significant risk that a future change will inadvertently create an overflow situation. Replacing them with std::string
will reduce the likelihood of new overflow bugs.
Also, if there are few places where this makes sense then this will be an easy task.
from bzflag.
Related Issues (20)
- App Signing on macOS; aka "cannot be opened because the developer cannot be verified" HOT 1
- World weapon shots are not colored on radar
- Server provided death reason is ignored
- Rendering issue when using SDL1
- HUD Team Flag direction indicator arrow/carat is too small.
- Document Xcode project failing because of CodeSign HOT 2
- brightness changes on dual monitors HOT 1
- Events are not processed when using SDL 2.0.20 HOT 4
- Resizing window with SDL1 does not resize viewport HOT 1
- Need to change "copyright" to "license" in spec file for rpmbuild
- systemd-resolved causes/triggers issue with reverse DNS lookup in bzfs HOT 1
- Blocktime is calculated wrong in ServerLink.cxx
- Skewed textures HOT 1
- Question(s) regarding: bz_triggerFlagCapture() HOT 1
- cURL Deprecation Warnings
- Windows Defender SmartScreen flags BZFlag as unrecognized app HOT 1
- OSX zoom feature freezes computer.
- Confine mouse issue between fullscreen modes on macOS HOT 1
- Physics breaks at high altitude at high framerate
- Fullscreen toggle issue on macOS with later SDL versions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bzflag.