[GEN][ZH] Fix several potential buffer overruns in game code (#849)

slurmlord · web-flow · commit ce756df3ff49 · 2025-05-15T16:14:18.000+02:00
diff --git a/Core/Libraries/Source/WWVegas/WW3D2/dynamesh.cpp b/Core/Libraries/Source/WWVegas/WW3D2/dynamesh.cpp
@@ -587,9 +587,6 @@ DynamicMeshClass::DynamicMeshClass(const DynamicMeshClass & src) :
 
 		MultiVertexMaterial[pass] = src.MultiVertexMaterial[pass];
 		VertexMaterialIdx[pass] = src.VertexMaterialIdx[pass];
-
-		MultiVertexColor[pass] = src.MultiVertexColor[pass];
-		CurVertexColor[pass]  = src.CurVertexColor[pass];
 	}
 
 	for (int color_array_index = 0; color_array_index < MAX_COLOR_ARRAYS; color_array_index++) {
diff --git a/Core/Libraries/Source/WWVegas/WWDownload/ftp.h b/Core/Libraries/Source/WWVegas/WWDownload/ftp.h
@@ -67,7 +67,7 @@ class Cftp
 	char	m_szRemoteFilePath[128];				
 	char	m_szRemoteFileName[128];
 	char	m_szLocalFilePath[128];
-	char	m_szLocalFileName[128];
+	char	m_szLocalFileName[256];
 	char	m_szServerName[128];
 	char	m_szUserName[128];
 	char	m_szPassword[128];
diff --git a/Generals/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp b/Generals/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp
@@ -236,7 +236,7 @@ UnicodeString getUnicodeDateBuffer(SYSTEMTIME timeVal)
 								 DATE_SHORTDATE,
 								 &timeVal,
 								 NULL,
-								 dateBuffer, sizeof(dateBuffer) );
+								 dateBuffer, ARRAY_SIZE(dateBuffer) );
 	displayDateBuffer.set(dateBuffer);
 	return displayDateBuffer;
 	//displayDateBuffer.format( L"%ls", dateBuffer );
@@ -270,7 +270,7 @@ UnicodeString getUnicodeTimeBuffer(SYSTEMTIME timeVal)
 								 &timeVal,
 								 NULL,
 								 timeBuffer,
-								 sizeof(timeBuffer) );
+								 ARRAY_SIZE(timeBuffer) );
 	displayTimeBuffer.set(timeBuffer);
 	return displayTimeBuffer;
 }
diff --git a/Generals/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/PopupReplay.cpp b/Generals/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/PopupReplay.cpp
@@ -288,7 +288,7 @@ void reallySaveReplay(void)
 		if(DeleteFile(filename.str()) == 0)
 		{
 			wchar_t buffer[1024];
-			FormatMessageW ( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);
+			FormatMessageW ( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);
 			UnicodeString errorStr;
 			errorStr.set(buffer);
 			errorStr.trim();
@@ -313,7 +313,7 @@ void reallySaveReplay(void)
 	if(CopyFile(oldFilename.str(),filename.str(), FALSE) == 0)
 	{
 		wchar_t buffer[1024];
-		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);
+		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);
 		UnicodeString errorStr;
 		errorStr.set(buffer);
 		errorStr.trim();
diff --git a/Generals/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/ReplayMenu.cpp b/Generals/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/ReplayMenu.cpp
@@ -672,7 +672,7 @@ void copyReplay( void )
 	if(CopyFile(filename.str(),newFilename.str(), FALSE) == 0)
 	{
 		wchar_t buffer[1024];
-		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);
+		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);
 		UnicodeString errorStr;
 		errorStr.set(buffer);
 		errorStr.trim();
diff --git a/Generals/Code/GameEngineDevice/Source/W3DDevice/GameClient/W3DMouse.cpp b/Generals/Code/GameEngineDevice/Source/W3DDevice/GameClient/W3DMouse.cpp
@@ -235,9 +235,11 @@ void W3DMouse::initD3DAssets(void)
 			for (Int j=0; j < MAX_2D_CURSOR_ANIM_FRAMES; j++)
 			{
 				cursorTextures[i][j]=NULL;//am->Get_Texture(m_cursorInfo[i].textureName.str());
-				m_currentD3DSurface[i]=NULL;
 			}
 		}
+
+		for (Int x = 0; x < MAX_2D_CURSOR_ANIM_FRAMES; x++)
+			m_currentD3DSurface[x]=NULL;
 	}
 }
 
diff --git a/Generals/Code/Libraries/Source/WWVegas/WW3D2/rinfo.cpp b/Generals/Code/Libraries/Source/WWVegas/WW3D2/rinfo.cpp
@@ -101,7 +101,7 @@ MaterialPassClass * RenderInfoClass::Peek_Additional_Pass(int i)
 void RenderInfoClass::Push_Override_Flags(RINFO_OVERRIDE_FLAGS flg)
 {
 	// copy to the end of the array
-	WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL);
+	WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL - 1);
 	OverrideFlagLevel++;
 	OverrideFlag[OverrideFlagLevel]=flg;
 }
diff --git a/GeneralsMD/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp b/GeneralsMD/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp
@@ -236,7 +236,7 @@ UnicodeString getUnicodeDateBuffer(SYSTEMTIME timeVal)
 								 DATE_SHORTDATE,
 								 &timeVal,
 								 NULL,
-								 dateBuffer, sizeof(dateBuffer) );
+								 dateBuffer, ARRAY_SIZE(dateBuffer) );
 	displayDateBuffer.set(dateBuffer);
 	return displayDateBuffer;
 	//displayDateBuffer.format( L"%ls", dateBuffer );
@@ -270,7 +270,7 @@ UnicodeString getUnicodeTimeBuffer(SYSTEMTIME timeVal)
 								 &timeVal,
 								 NULL,
 								 timeBuffer,
-								 sizeof(timeBuffer) );
+								 ARRAY_SIZE(timeBuffer) );
 	displayTimeBuffer.set(timeBuffer);
 	return displayTimeBuffer;
 }
diff --git a/GeneralsMD/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/PopupReplay.cpp b/GeneralsMD/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/PopupReplay.cpp
@@ -288,7 +288,7 @@ void reallySaveReplay(void)
 		if(DeleteFile(filename.str()) == 0)
 		{
 			wchar_t buffer[1024];
-			FormatMessageW ( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);
+			FormatMessageW ( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);
 			UnicodeString errorStr;
 			errorStr.set(buffer);
 			errorStr.trim();
@@ -313,7 +313,7 @@ void reallySaveReplay(void)
 	if(CopyFile(oldFilename.str(),filename.str(), FALSE) == 0)
 	{
 		wchar_t buffer[1024];
-		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);
+		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);
 		UnicodeString errorStr;
 		errorStr.set(buffer);
 		errorStr.trim();
diff --git a/GeneralsMD/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/ReplayMenu.cpp b/GeneralsMD/Code/GameEngine/Source/GameClient/GUI/GUICallbacks/Menus/ReplayMenu.cpp
@@ -672,7 +672,7 @@ void copyReplay( void )
 	if(CopyFile(filename.str(),newFilename.str(), FALSE) == 0)
 	{
 		wchar_t buffer[1024];
-		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);
+		FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);
 		UnicodeString errorStr;
 		errorStr.set(buffer);
 		errorStr.trim();
diff --git a/GeneralsMD/Code/GameEngineDevice/Source/W3DDevice/GameClient/W3DMouse.cpp b/GeneralsMD/Code/GameEngineDevice/Source/W3DDevice/GameClient/W3DMouse.cpp
@@ -235,9 +235,11 @@ void W3DMouse::initD3DAssets(void)
 			for (Int j=0; j < MAX_2D_CURSOR_ANIM_FRAMES; j++)
 			{
 				cursorTextures[i][j]=NULL;//am->Get_Texture(m_cursorInfo[i].textureName.str());
-				m_currentD3DSurface[i]=NULL;
 			}
 		}
+
+		for (Int x = 0; x < MAX_2D_CURSOR_ANIM_FRAMES; x++)
+			m_currentD3DSurface[x]=NULL;
 	}
 }
 
diff --git a/GeneralsMD/Code/Libraries/Source/WWVegas/WW3D2/rinfo.cpp b/GeneralsMD/Code/Libraries/Source/WWVegas/WW3D2/rinfo.cpp
@@ -112,7 +112,7 @@ MaterialPassClass * RenderInfoClass::Peek_Additional_Pass(int i)
 void RenderInfoClass::Push_Override_Flags(RINFO_OVERRIDE_FLAGS flg)
 {
 	// copy to the end of the array
-	WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL);
+	WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL - 1);
 	OverrideFlagLevel++;
 	OverrideFlag[OverrideFlagLevel]=flg;
 }

Original file line number	Diff line number	Diff line change
`@@ -587,9 +587,6 @@ DynamicMeshClass::DynamicMeshClass(const DynamicMeshClass & src) :`
`587`	`587`
`588`	`588`	`MultiVertexMaterial[pass] = src.MultiVertexMaterial[pass];`
`589`	`589`	`VertexMaterialIdx[pass] = src.VertexMaterialIdx[pass];`
`590`		`-`
`591`		`- MultiVertexColor[pass] = src.MultiVertexColor[pass];`
`592`		`- CurVertexColor[pass] = src.CurVertexColor[pass];`
`593`	`590`	`}`
`594`	`591`
`595`	`592`	`for (int color_array_index = 0; color_array_index < MAX_COLOR_ARRAYS; color_array_index++) {`
Original file line number	Diff line number	Diff line change
`@@ -672,7 +672,7 @@ void copyReplay( void )`
`672`	`672`	`if(CopyFile(filename.str(),newFilename.str(), FALSE) == 0)`
`673`	`673`	`{`
`674`	`674`	`wchar_t buffer[1024];`
`675`		`- FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, sizeof(buffer), NULL);`
	`675`	`+ FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0, buffer, ARRAY_SIZE(buffer), NULL);`
`676`	`676`	`UnicodeString errorStr;`
`677`	`677`	`errorStr.set(buffer);`
`678`	`678`	`errorStr.trim();`
Original file line number	Diff line number	Diff line change
`@@ -235,9 +235,11 @@ void W3DMouse::initD3DAssets(void)`
`235`	`235`	`for (Int j=0; j < MAX_2D_CURSOR_ANIM_FRAMES; j++)`
`236`	`236`	`{`
`237`	`237`	`cursorTextures[i][j]=NULL;//am->Get_Texture(m_cursorInfo[i].textureName.str());`
`238`		`- m_currentD3DSurface[i]=NULL;`
`239`	`238`	`}`
`240`	`239`	`}`
	`240`	`+`
	`241`	`+ for (Int x = 0; x < MAX_2D_CURSOR_ANIM_FRAMES; x++)`
	`242`	`+ m_currentD3DSurface[x]=NULL;`
`241`	`243`	`}`
`242`	`244`	`}`
`243`	`245`
Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ MaterialPassClass * RenderInfoClass::Peek_Additional_Pass(int i)`
`101`	`101`	`void RenderInfoClass::Push_Override_Flags(RINFO_OVERRIDE_FLAGS flg)`
`102`	`102`	`{`
`103`	`103`	`// copy to the end of the array`
`104`		`- WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL);`
	`104`	`+ WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL - 1);`
`105`	`105`	`OverrideFlagLevel++;`
`106`	`106`	`OverrideFlag[OverrideFlagLevel]=flg;`
`107`	`107`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ MaterialPassClass * RenderInfoClass::Peek_Additional_Pass(int i)`
`112`	`112`	`void RenderInfoClass::Push_Override_Flags(RINFO_OVERRIDE_FLAGS flg)`
`113`	`113`	`{`
`114`	`114`	`// copy to the end of the array`
`115`		`- WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL);`
	`115`	`+ WWASSERT(OverrideFlagLevel<MAX_OVERRIDE_FLAG_LEVEL - 1);`
`116`	`116`	`OverrideFlagLevel++;`
`117`	`117`	`OverrideFlag[OverrideFlagLevel]=flg;`
`118`	`118`	`}`