check return value of sscanf() (#2532)

* check return value of sscanf() * enable_log: default value 0x3 * replace atoi() with strtol() * update LoadLFListSingle() * set enable_log to unsigned bit field

check return value of sscanf() (#2532)
* check return value of sscanf() * enable_log: default value 0x3 * replace atoi() with strtol() * update LoadLFListSingle() * set enable_log to unsigned bit field
7de2a00d · Chen Bill · GitHub · 3d8c3621 · 7de2a00d · 7de2a00d
Commit 7de2a00d authored May 07, 2024 by Chen Bill Committed by GitHub May 07, 2024
5 changed files
--- a/gframe/config.h
+++ b/gframe/config.h
@@ -87,7 +87,7 @@ using namespace io;
 using namespace gui;

 extern const unsigned short PRO_VERSION;
-extern int enable_log;
+extern unsigned int enable_log;
 extern bool exit_on_return;
 extern bool open_file;
 extern wchar_t open_file_name[256];

--- a/gframe/data_manager.cpp
+++ b/gframe/data_manager.cpp
@@ -139,24 +139,30 @@ bool DataManager::LoadStrings(IReadFile* reader) {
 void DataManager::ReadStringConfLine(const char* linebuf) {
 	if(linebuf[0] != '!')
 		return;
-	char strbuf[256];
-	int value;
-	wchar_t strBuffer[4096];
-	sscanf(linebuf, "!%s", strbuf);
+	char strbuf[256]{};
+	int value{};
+	wchar_t strBuffer[4096]{};
+	if (sscanf(linebuf, "!%63s", strbuf) != 1)
+		return;
 	if(!strcmp(strbuf, "system")) {
-		sscanf(&linebuf[7], "%d %240[^\n]", &value, strbuf);
+		if (sscanf(&linebuf[7], "%d %240[^\n]", &value, strbuf) != 2)
+			return;
 		BufferIO::DecodeUTF8(strbuf, strBuffer);
 		_sysStrings[value] = strBuffer;
 	} else if(!strcmp(strbuf, "victory")) {
-		sscanf(&linebuf[8], "%x %240[^\n]", &value, strbuf);
+		if (sscanf(&linebuf[8], "%x %240[^\n]", &value, strbuf) != 2)
+			return;
 		BufferIO::DecodeUTF8(strbuf, strBuffer);
 		_victoryStrings[value] = strBuffer;
 	} else if(!strcmp(strbuf, "counter")) {
-		sscanf(&linebuf[8], "%x %240[^\n]", &value, strbuf);
+		if (sscanf(&linebuf[8], "%x %240[^\n]", &value, strbuf) != 2)
+			return;
 		BufferIO::DecodeUTF8(strbuf, strBuffer);
 		_counterStrings[value] = strBuffer;
 	} else if(!strcmp(strbuf, "setname")) {
-		sscanf(&linebuf[8], "%x %240[^\t\n]", &value, strbuf);//using tab for comment
+		//using tab for comment
+		if (sscanf(&linebuf[8], "%x %240[^\t\n]", &value, strbuf) != 2)
+			return;
 		BufferIO::DecodeUTF8(strbuf, strBuffer);
 		_setnameStrings[value] = strBuffer;
 	}

--- a/gframe/deck_manager.cpp
+++ b/gframe/deck_manager.cpp
@@ -11,15 +11,16 @@ DeckManager deckManager;
 void DeckManager::LoadLFListSingle(const char* path) {
 	LFList* cur = nullptr;
 	FILE* fp = fopen(path, "r");
-	char linebuf[256];
-	wchar_t strBuffer[256];
+	char linebuf[256]{};
+	wchar_t strBuffer[256]{};
 	if(fp) {
 		while(fgets(linebuf, 256, fp)) {
 			if(linebuf[0] == '#')
 				continue;
 			if(linebuf[0] == '!') {
 				int sa = BufferIO::DecodeUTF8(&linebuf[1], strBuffer);
-				while(strBuffer[sa - 1] == L'\r' || strBuffer[sa - 1] == L'\n' ) sa--;
+				while(strBuffer[sa - 1] == L'\r' || strBuffer[sa - 1] == L'\n' )
+					sa--;
 				strBuffer[sa] = 0;
 				LFList newlist;
 				_lfList.push_back(newlist);
@@ -28,20 +29,18 @@ void DeckManager::LoadLFListSingle(const char* path) {
 				cur->hash = 0x7dfcee6a;
 				continue;
 			}
-			int p = 0;
-			while(linebuf[p] != ' ' && linebuf[p] != '\t' && linebuf[p] != 0) p++;
-			if(linebuf[p] == 0)
+			if(linebuf[0] == 0)
 				continue;
-			linebuf[p++] = 0;
-			int sa = p;
-			int code = atoi(linebuf);
-			if(code == 0)
+			int code = 0;
+			int count = -1;
+			if (sscanf(linebuf, "%d %d", &code, &count) != 2)
+				continue;
+			if (code <= 0 || code > 99999999)
+				continue;
+			if (count < 0 || count > 2)
+				continue;
+			if (!cur)
 				continue;
-			while(linebuf[p] == ' ' || linebuf[p] == '\t') p++;
-			while(linebuf[p] != ' ' && linebuf[p] != '\t' && linebuf[p] != 0) p++;
-			linebuf[p] = 0;
-			int count = atoi(&linebuf[sa]);
-			if(!cur) continue;
 			cur->content[code] = count;
 			cur->hash = cur->hash ^ ((code << 18) | (code >> 14)) ^ ((code << (27 + count)) | (code >> (5 - count)));
 		}

--- a/gframe/game.cpp
+++ b/gframe/game.cpp
--- a/gframe/gframe.cpp
+++ b/gframe/gframe.cpp
@@ -7,7 +7,7 @@
 #import <CoreFoundation/CoreFoundation.h>
 #endif

-int enable_log = 0;
+unsigned int enable_log = 0x3;
 bool exit_on_return = false;
 bool open_file = false;
 wchar_t open_file_name[256] = L"";