From 62a0ae5623c3d61cce96f4e91e1818ebdcdb2807 Mon Sep 17 00:00:00 2001
From: Garux <garux@mail.ru>
Date: Tue, 26 Jan 2021 22:31:19 +0300
Subject: [PATCH] prevent string overflows

---
 tools/quake3/q3map2/bspfile_abstract.cpp |  3 ++-
 tools/quake3/q3map2/lightmaps_ydnar.cpp  |  4 ++--
 tools/quake3/q3map2/map.cpp              | 16 +++++++---------
 tools/quake3/q3map2/q3map2.h             |  2 +-
 tools/quake3/q3map2/shaders.cpp          | 10 +++++-----
 tools/quake3/q3map2/writebsp.cpp         |  6 ++++--
 6 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/tools/quake3/q3map2/bspfile_abstract.cpp b/tools/quake3/q3map2/bspfile_abstract.cpp
index 136a1fb6..77313c6d 100644
--- a/tools/quake3/q3map2/bspfile_abstract.cpp
+++ b/tools/quake3/q3map2/bspfile_abstract.cpp
@@ -165,7 +165,8 @@ void SwapBSPFile( void ){
 		if ( doingBSP ){
 			si = ShaderInfoForShader( bspShaders[ i ].shader );
 			if ( !strEmptyOrNull( si->remapShader ) ) {
-				strcpy( bspShaders[ i ].shader, si->remapShader );
+				// copy and clear the rest of memory // check for overflow by String64
+				strncpy( bspShaders[ i ].shader, String64()( si->remapShader ), sizeof( bspShaders[ i ].shader ) );
 			}
 		}
 		bspShaders[ i ].contentFlags = LittleLong( bspShaders[ i ].contentFlags );
diff --git a/tools/quake3/q3map2/lightmaps_ydnar.cpp b/tools/quake3/q3map2/lightmaps_ydnar.cpp
index b2f2dfef..dd8c9a17 100644
--- a/tools/quake3/q3map2/lightmaps_ydnar.cpp
+++ b/tools/quake3/q3map2/lightmaps_ydnar.cpp
@@ -3404,7 +3404,7 @@ void StoreSurfaceLightmaps( bool fastAllocate ){
 					strcpy( lightmapName, "$lightmap" );
 				}
 				else{
-					sprintf( lightmapName, "maps/%s/" EXTERNAL_LIGHTMAP, mapName, olm->extLightmapNum );
+					sprintf( lightmapName, "maps/%s/" EXTERNAL_LIGHTMAP, mapName.c_str(), olm->extLightmapNum );
 				}
 
 				/* get rgbgen string */
@@ -3503,7 +3503,7 @@ void StoreSurfaceLightmaps( bool fastAllocate ){
 			olm = &outLightmaps[ lm->outLightmapNums[ 0 ] ];
 
 			/* do some name mangling */
-			sprintf( lightmapName, "maps/%s/" EXTERNAL_LIGHTMAP "\n\t\ttcgen lightmap", mapName, olm->extLightmapNum );
+			sprintf( lightmapName, "maps/%s/" EXTERNAL_LIGHTMAP "\n\t\ttcgen lightmap", mapName.c_str(), olm->extLightmapNum );
 
 			/* create custom shader */
 			csi = CustomShader( info->si, "$lightmap", lightmapName );
diff --git a/tools/quake3/q3map2/map.cpp b/tools/quake3/q3map2/map.cpp
index 9e2f3292..73ece666 100644
--- a/tools/quake3/q3map2/map.cpp
+++ b/tools/quake3/q3map2/map.cpp
@@ -1625,23 +1625,21 @@ void LoadEntityIndexMap( entity_t *e ){
 	im->pixels = pixels;
 
 	/* get height offsets */
-//	char offset[ 4096 ];
-	char offset[ 1024 ];
+	const char *offset;
 	if( ENT_READKV( &offset, mapEnt, "_offsets", "offsets" ) ){
 		/* value is a space-separated set of numbers */
-		char *search = offset;
 		/* get each value */
-		for ( i = 0; i < 256 && !strEmpty( search ); i++ )
+		for ( i = 0; i < 256 && !strEmpty( offset ); i++ )
 		{
-			char *space = strchr( search, ' ' );
-			if ( space != NULL ) {
-				strClear( space );
+			const char *space = strchr( offset, ' ' );
+			if ( space == NULL ) {
+				space = offset + strlen( offset );
 			}
-			im->offsets[ i ] = atof( search );
+			im->offsets[ i ] = atof( String64()( StringRange( offset, space ) ) );
 			if ( space == NULL ) {
 				break;
 			}
-			search = space + 1;
+			offset = space + 1;
 		}
 	}
 
diff --git a/tools/quake3/q3map2/q3map2.h b/tools/quake3/q3map2/q3map2.h
index 579f7dd8..94316453 100644
--- a/tools/quake3/q3map2/q3map2.h
+++ b/tools/quake3/q3map2/q3map2.h
@@ -1953,7 +1953,7 @@ Q_EXTERN int numVertexRemaps Q_ASSIGN( 0 );
 Q_EXTERN surfaceParm_t custSurfaceParms[ MAX_CUST_SURFACEPARMS ];
 Q_EXTERN int numCustSurfaceParms Q_ASSIGN( 0 );
 
-Q_EXTERN char mapName[ MAX_QPATH ];                 /* ydnar: per-map custom shaders for larger lightmaps */
+Q_EXTERN String64 mapName;                 /* ydnar: per-map custom shaders for larger lightmaps */
 Q_EXTERN char mapShaderFile[ 1024 ];
 Q_EXTERN bool warnImage Q_ASSIGN( true );
 
diff --git a/tools/quake3/q3map2/shaders.cpp b/tools/quake3/q3map2/shaders.cpp
index cca50f66..3777ab0a 100644
--- a/tools/quake3/q3map2/shaders.cpp
+++ b/tools/quake3/q3map2/shaders.cpp
@@ -312,19 +312,19 @@ bool ApplySurfaceParm( const char *name, int *contentFlags, int *surfaceFlags, i
 
 void BeginMapShaderFile( const char *mapFile ){
 	/* dummy check */
-	strClear( mapName );
+	mapName.clear();
 	strClear( mapShaderFile );
 	if ( strEmptyOrNull( mapFile ) ) {
 		return;
 	}
 
 	/* extract map name */
-	ExtractFileBase( mapFile, mapName );
+	mapName( StringRange( path_get_filename_start( mapFile ), path_get_filename_base_end( mapFile) ) );
 	char path[ 1024 ];
 	ExtractFilePath( mapFile, path );
 
 	/* append ../scripts/q3map2_<mapname>.shader */
-	sprintf( mapShaderFile, "%s../%s/q3map2_%s.shader", path, game->shaderPath, mapName );
+	sprintf( mapShaderFile, "%s../%s/q3map2_%s.shader", path, game->shaderPath, mapName.c_str() );
 	Sys_FPrintf( SYS_VRB, "Map has shader script %s\n", mapShaderFile );
 
 	/* remove it */
@@ -379,7 +379,7 @@ void WriteMapShaderFile( void ){
 			 "// Custom shader file for %s.bsp\n"
 			 "// Generated by Q3Map2 (ydnar)\n"
 			 "// Do not edit! This file is overwritten on recompiles.\n\n",
-			 mapName );
+			 mapName.c_str() );
 
 	/* walk the shader list */
 	for ( i = 0, num = 0; i < numShaderInfo; i++ )
@@ -543,7 +543,7 @@ shaderInfo_t *CustomShader( shaderInfo_t *si, const char *find, char *replace ){
 	Com_BlockFullChecksum( shaderText, strlen( shaderText ), digest );
 
 	/* mangle hash into a shader name */
-	sprintf( shader, "%s/%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", mapName,
+	sprintf( shader, "%s/%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", mapName.c_str(),
 			 digest[ 0 ], digest[ 1 ], digest[ 2 ], digest[ 3 ], digest[ 4 ], digest[ 5 ], digest[ 6 ], digest[ 7 ],
 			 digest[ 8 ], digest[ 9 ], digest[ 10 ], digest[ 11 ], digest[ 12 ], digest[ 13 ], digest[ 14 ], digest[ 15 ] );
 
diff --git a/tools/quake3/q3map2/writebsp.cpp b/tools/quake3/q3map2/writebsp.cpp
index f8f35163..4c920bad 100644
--- a/tools/quake3/q3map2/writebsp.cpp
+++ b/tools/quake3/q3map2/writebsp.cpp
@@ -84,7 +84,8 @@ int EmitShader( const char *shader, int *contentFlags, int *surfaceFlags ){
 	AUTOEXPAND_BY_REALLOC_BSP( Shaders, 1024 );
 
 	numBSPShaders++;
-	strncpy( bspShaders[ i ].shader, shader, sizeof( bspShaders[ i ].shader ) ); // copy and clear the rest of memory
+	// copy and clear the rest of memory // check for overflow by String64
+	strncpy( bspShaders[ i ].shader, String64()( shader ), sizeof( bspShaders[ i ].shader ) );
 	bspShaders[ i ].surfaceFlags = si->surfaceFlags;
 	bspShaders[ i ].contentFlags = si->contentFlags;
 
@@ -501,7 +502,8 @@ void EmitFogs( void ){
 	for ( i = 0; i < numMapFogs; i++ )
 	{
 		/* set shader */
-		strcpy( bspFogs[ i ].shader, mapFogs[ i ].si->shader );
+		// copy and clear the rest of memory // check for overflow by String64
+		strncpy( bspFogs[ i ].shader, String64()( mapFogs[ i ].si->shader ), sizeof( bspFogs[ i ].shader ) );
 
 		/* global fog doesn't have an associated brush */
 		if ( mapFogs[ i ].brush == NULL ) {