Where strncat() is called with a fixed string source, increase the size by one.

GCC version 8 introduced some new warnings on strncat() usage in an
effort to warn about unsafe usage.  When the source string is a constant
literal and there will always be enough space in the destination, then
you could safely use strcat().  But lots of error-checking processes
will balk at ANY usage of strcat().  Given all this, putting a size of
something greater than the source will cause no harm.

See https://github.com/gcc-mirror/gcc/commit/d8aad7864e5b4c654dcea86b98085baf36d8db76

diff --git a/src/curses/ux_init.c b/src/curses/ux_init.c
index bc8981cf6cde5286850610864dae085b98cc643f..f7ad952da93bde7327cd4f66d14a0a2215a98f11 100644 (file)
--- a/src/curses/ux_init.c
+++ b/src/curses/ux_init.c
@@ -219,12 +219,12 @@ void os_process_arguments (int argc, char *argv[])
     /* $HOME/.frotzrc overrides CONFIG_DIR/frotz.conf */
 
     strncpy(configfile, home, FILENAME_MAX);
-    strncat(configfile, "/", 1);
+    strncat(configfile, "/", 2);
 
-    strncat(configfile, USER_CONFIG, strlen(USER_CONFIG));
+    strncat(configfile, USER_CONFIG, strlen(USER_CONFIG) + 1);
     if (!getconfig(configfile)) {
         strncpy(configfile, CONFIG_DIR, FILENAME_MAX);
-        strncat(configfile, "/", 1);    /* added by DJP */
+        strncat(configfile, "/", 2);    /* added by DJP */
         strncat(configfile, MASTER_CONFIG, FILENAME_MAX-10);
         getconfig(configfile);  /* we're not concerned if this fails */
     }
@@ -321,16 +321,16 @@ void os_process_arguments (int argc, char *argv[])
 
     f_setup.script_name = malloc((strlen(f_setup.story_name) + strlen(EXT_SCRIPT)) * sizeof(char) + 1);
     strncpy(f_setup.script_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.script_name, EXT_SCRIPT, strlen(EXT_SCRIPT));
+    strncat(f_setup.script_name, EXT_SCRIPT, strlen(EXT_SCRIPT) + 1);
 
     f_setup.command_name = malloc((strlen(f_setup.story_name) + strlen(EXT_COMMAND)) * sizeof(char) + 1);
     strncpy(f_setup.command_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.command_name, EXT_COMMAND, strlen(EXT_COMMAND));
+    strncat(f_setup.command_name, EXT_COMMAND, strlen(EXT_COMMAND) + 1);
 
     if (!f_setup.restore_mode) {
        f_setup.save_name = malloc((strlen(f_setup.story_name) + strlen(EXT_SAVE)) * sizeof(char) + 1);
        strncpy(f_setup.save_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-       strncat(f_setup.save_name, EXT_SAVE, strlen(EXT_SAVE));
+       strncat(f_setup.save_name, EXT_SAVE, strlen(EXT_SAVE) + 1);
     } else {  /*Set our auto load save as the name_save*/
        f_setup.save_name = malloc((strlen(f_setup.tmp_save_name) + strlen(EXT_SAVE)) * sizeof(char) + 1);
        strncpy(f_setup.save_name, f_setup.tmp_save_name, strlen(f_setup.tmp_save_name) + 1);
@@ -339,7 +339,7 @@ void os_process_arguments (int argc, char *argv[])
 
     f_setup.aux_name = malloc((strlen(f_setup.story_name) + strlen(EXT_AUX)) * sizeof(char) + 1);
     strncpy(f_setup.aux_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.aux_name, EXT_AUX, strlen(EXT_AUX));
+    strncat(f_setup.aux_name, EXT_AUX, strlen(EXT_AUX) + 1);
 
 }/* os_process_arguments */
 

diff --git a/src/dumb/dumb_init.c b/src/dumb/dumb_init.c
index fcabc5c6b2ab1812ae3666baf62867054a3292e6..0b1d678e082c41ddb5593997dcc3fbd47853332c 100644 (file)
--- a/src/dumb/dumb_init.c
+++ b/src/dumb/dumb_init.c
@@ -161,16 +161,16 @@ void os_process_arguments(int argc, char *argv[])
 
     f_setup.script_name = malloc((strlen(f_setup.story_name) + strlen(EXT_SCRIPT)) * sizeof(char) + 1);
     strncpy(f_setup.script_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.script_name, EXT_SCRIPT, strlen(EXT_SCRIPT));
+    strncat(f_setup.script_name, EXT_SCRIPT, strlen(EXT_SCRIPT) + 1);
 
     f_setup.command_name = malloc((strlen(f_setup.story_name) + strlen(EXT_COMMAND)) * sizeof(char) + 1);
     strncpy(f_setup.command_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.command_name, EXT_COMMAND, strlen(EXT_COMMAND));
+    strncat(f_setup.command_name, EXT_COMMAND, strlen(EXT_COMMAND) + 1);
 
     if (!f_setup.restore_mode) {
       f_setup.save_name = malloc((strlen(f_setup.story_name) + strlen(EXT_SAVE)) * sizeof(char) + 1);
       strncpy(f_setup.save_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-      strncat(f_setup.save_name, EXT_SAVE, strlen(EXT_SAVE));
+      strncat(f_setup.save_name, EXT_SAVE, strlen(EXT_SAVE) + 1);
     } else { /* Set our auto load save as the name save */
       f_setup.save_name = malloc((strlen(f_setup.tmp_save_name) + strlen(EXT_SAVE)) * sizeof(char) + 1);
       strncpy(f_setup.save_name, f_setup.tmp_save_name, strlen(f_setup.tmp_save_name) + 1);
@@ -179,7 +179,7 @@ void os_process_arguments(int argc, char *argv[])
 
     f_setup.aux_name = malloc((strlen(f_setup.story_name) + strlen(EXT_AUX)) * sizeof(char) + 1);
     strncpy(f_setup.aux_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.aux_name, EXT_AUX, strlen(EXT_AUX));
+    strncat(f_setup.aux_name, EXT_AUX, strlen(EXT_AUX) + 1);
 
 }
 

diff --git a/src/sdl/sf_util.c b/src/sdl/sf_util.c
index df4322761727d0a587e1bfb3cda1a5df42480b47..1102ec205569c5ee1ebe952069f5d32dfb07fc1a 100644 (file)
--- a/src/sdl/sf_util.c
+++ b/src/sdl/sf_util.c
@@ -370,16 +370,16 @@ void os_process_arguments (int argc, char *argv[])
 
   f_setup.script_name = malloc((strlen(f_setup.story_name) + strlen(EXT_SCRIPT)) * sizeof(char) + 1);
   strncpy(f_setup.script_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-  strncat(f_setup.script_name, EXT_SCRIPT, strlen(EXT_SCRIPT));
+  strncat(f_setup.script_name, EXT_SCRIPT, strlen(EXT_SCRIPT) + 1);
 
   f_setup.command_name = malloc((strlen(f_setup.story_name) + strlen(EXT_COMMAND)) * sizeof(char) + 1);
   strncpy(f_setup.command_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-  strncat(f_setup.command_name, EXT_COMMAND, strlen(EXT_COMMAND));
+  strncat(f_setup.command_name, EXT_COMMAND, strlen(EXT_COMMAND) + 1);
 
   if (!f_setup.restore_mode) {
     f_setup.save_name = malloc((strlen(f_setup.story_name) + strlen(EXT_SAVE)) * sizeof(char) + 1);
     strncpy(f_setup.save_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-    strncat(f_setup.save_name, EXT_SAVE, strlen(EXT_SAVE));
+    strncat(f_setup.save_name, EXT_SAVE, strlen(EXT_SAVE) + 1);
   } else {  /*Set our auto load save as the name_save*/
     f_setup.save_name = malloc((strlen(f_setup.tmp_save_name) + strlen(EXT_SAVE)) * sizeof(char) + 1);
     strncpy(f_setup.save_name, f_setup.tmp_save_name, strlen(f_setup.tmp_save_name) + 1);
@@ -388,7 +388,7 @@ void os_process_arguments (int argc, char *argv[])
 
   f_setup.aux_name = malloc((strlen(f_setup.story_name) + strlen(EXT_AUX)) * sizeof(char) + 1);
   strncpy(f_setup.aux_name, f_setup.story_name, strlen(f_setup.story_name) + 1);
-  strncat(f_setup.aux_name, EXT_AUX, strlen(EXT_AUX));
+  strncat(f_setup.aux_name, EXT_AUX, strlen(EXT_AUX) + 1);
 
   /* Save the executable file name */