-rw-r--r-- | src/server/game/Entities/Item/Item.cpp | 1 | ||||
-rw-r--r-- | src/tools/map_extractor/System.cpp | 37 | ||||
-rw-r--r-- | src/tools/vmap4_extractor/vmapexport.cpp | 20 |
3 files changed, 45 insertions, 13 deletions
diff --git a/src/server/game/Entities/Item/Item.cpp b/src/server/game/Entities/Item/Item.cpp index b36948ffe19..87a12edfc58 100644 --- a/src/server/game/Entities/Item/Item.cpp +++ b/src/server/game/Entities/Item/Item.cpp @@ -264,6 +264,7 @@ Item::Item() m_paidExtendedCost = 0; memset(_modifiers, 0, sizeof(_modifiers)); + memset(&_bonusData, 0, sizeof(_bonusData)); } bool Item::Create(ObjectGuid::LowType guidlow, uint32 itemid, Player const* owner) diff --git a/src/tools/map_extractor/System.cpp b/src/tools/map_extractor/System.cpp index b220100a8bb..bd258420613 100644 --- a/src/tools/map_extractor/System.cpp +++ b/src/tools/map_extractor/System.cpp @@ -97,8 +97,9 @@ typedef struct map_id *map_ids; uint16 *areas; uint16 *LiqType; -char output_path[128] = "."; -char input_path[128] = "."; +#define MAX_PATH_LENGTH 128 +char output_path[MAX_PATH_LENGTH] = "."; +char input_path[MAX_PATH_LENGTH] = "."; uint32 maxAreaId = 0; // ************************************************** @@ -173,11 +174,11 @@ void Usage(char const* prg) printf( "Usage:\n"\ "%s -[var] [value]\n"\ - "-i set input path\n"\ - "-o set output path\n"\ + "-i set input path (max %d characters)\n"\ + "-o set output path (max %d characters)\n"\ "-e extract only MAP(1)/DBC(2) - standard: both(3)\n"\ "-f height stored as int (less map size but lost some accuracy) 1 by default\n"\ - "Example: %s -f 0 -i \"c:\\games\\game\"\n", prg, prg); + "Example: %s -f 0 -i \"c:\\games\\game\"\n", prg, MAX_PATH_LENGTH - 1, MAX_PATH_LENGTH - 1, prg); exit(1); } 
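Review bot: The added `memset(&_bonusData, 0, sizeof(_bonusData));` in `Item::Item()` is only well-defined while the type of `_bonusData` is trivially copyable, and that type's definition is not visible in this hunk. If it later gains a member with a constructor or a virtual function, the call would overwrite that state without any compiler diagnostic. A guard next to the call keeps the assumption checked at compile time: `static_assert(std::is_trivially_copyable<decltype(_bonusData)>::value, "_bonusData is zeroed with memset");`. The constructor body starts outside the hunk.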
@@ -197,14 +198,20 @@ void HandleArgs(int argc, char* arg[]) switch (arg[c][1]) { case 'i': - if (c + 1 < argc) // all ok - strcpy(input_path, arg[c++ + 1]); + if (c + 1 < argc && strlen(arg[c + 1]) < MAX_PATH_LENGTH) // all ok + { + strncpy(input_path, arg[c++ + 1], MAX_PATH_LENGTH); + input_path[MAX_PATH_LENGTH - 1] = '\0'; + } else Usage(arg[0]); break; case 'o': - if (c + 1 < argc) // all ok - strcpy(output_path, arg[c++ + 1]); + if (c + 1 < argc && strlen(arg[c + 1]) < MAX_PATH_LENGTH) // all ok + { + strncpy(output_path, arg[c++ + 1], MAX_PATH_LENGTH); + output_path[MAX_PATH_LENGTH - 1] = '\0'; + } else Usage(arg[0]); break; @@ -313,7 +320,17 @@ uint32 ReadMapDBC() for(uint32 x = 0; x < map_count; ++x) { map_ids[x].id = dbc.getRecord(x).getUInt(0); - strcpy(map_ids[x].name, dbc.getRecord(x).getString(1)); + + const char* map_name = dbc.getRecord(x).getString(1); + size_t max_map_name_length = sizeof(map_ids[x].name); + if (strlen(map_name) >= max_map_name_length) + { + printf("Fatal error: Map name too long!\n"); + exit(1); + } + + strncpy(map_ids[x].name, map_name, max_map_name_length); + map_ids[x].name[max_map_name_length - 1] = '\0'; } CascCloseFile(dbcFile); diff --git a/src/tools/vmap4_extractor/vmapexport.cpp b/src/tools/vmap4_extractor/vmapexport.cpp index acdb9cb42e7..fb2cc0a20d0 100644 --- a/src/tools/vmap4_extractor/vmapexport.cpp +++ b/src/tools/vmap4_extractor/vmapexport.cpp @@ -213,7 +213,7 @@ bool ExtractSingleWmo(std::string& fname) for (uint32 i = 0; i < froot.nGroups; ++i) { char temp[1024]; - strcpy(temp, fname.c_str()); + strncpy(temp, fname.c_str(), 1024); temp[fname.length()-4] = 0; char groupFileName[1024]; sprintf(groupFileName, "%s_%03u.wmo", temp, i); 
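Review bot: In the `-i` and `-o` branches of `HandleArgs`, an over-long path now falls through to `Usage(arg[0])`, the same branch as a missing value, so the user is not told which argument was rejected or why. The `// all ok` comment also no longer describes the two-part condition. Consider printing the reason before the usage text, e.g. `printf("Path given to -%c is too long (max %d characters)\n", arg[c][1], MAX_PATH_LENGTH - 1);`. Because the length is checked first, the `strncpy` and the manual terminator cannot truncate, and a one-line comment saying they are defensive would save the next reader the analysis. `HandleArgs` starts and ends outside the hunk.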
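Review bot: The fatal branch added to `ReadMapDBC` prints `Map name too long!` without the record index or the limit, so a malformed or unexpected map DBC gives no hint about which entry was rejected; the matching check added to `main` in vmapexport.cpp has the same gap. A message such as `printf("Fatal error: map name in record %u exceeds %u characters\n", x, uint32(max_map_name_length - 1));` would make the failure diagnosable. The two copies of the check differ only in wording and cleanup, so a comment on each naming the other would help keep them in step. `ReadMapDBC` starts and ends outside the hunk.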
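Review bot: `strncpy(temp, fname.c_str(), 1024)` in the group loop of `ExtractSingleWmo` leaves `temp` unterminated when `fname` is 1024 characters or longer, and the next line, `temp[fname.length()-4] = 0`, then writes outside the array. The same index wraps around when `fname` is shorter than four characters. The following `sprintf` into `groupFileName[1024]` is also unbounded, since a base name near the end of `temp` plus the `_NNN.wmo` suffix no longer fits. Building the base name as a `std::string` and formatting with `snprintf` removes all three cases. How the loop should bail out is not visible in this hunk, so the failure branch below only marks where that handling goes.

```cpp
for (uint32 i = 0; i < froot.nGroups; ++i)
{
    // Strip the 4-character extension only when there is one to strip;
    // fname.length() - 4 would wrap around for shorter names.
    std::string const base = fname.length() >= 4 ? fname.substr(0, fname.length() - 4) : fname;

    char groupFileName[1024];
    int const written = snprintf(groupFileName, sizeof(groupFileName), "%s_%03u.wmo", base.c_str(), i);
    if (written < 0 || static_cast<size_t>(written) >= sizeof(groupFileName))
    {
        printf("Group file name too long for %s\n", fname.c_str());
        // … fail the extraction here the way the rest of ExtractSingleWmo does …
    }
    // … unchanged: rest of the loop body …
```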
@@ -300,7 +300,9 @@ bool processArgv(int argc, char ** argv, const char *versionString) if((i+1)<argc) { hasInputPathParam = true; - strcpy(input_path, argv[i+1]); + strncpy(input_path, argv[i + 1], sizeof(input_path)); + input_path[sizeof(input_path) - 1] = '\0'; + if (input_path[strlen(input_path) - 1] != '\\' && input_path[strlen(input_path) - 1] != '/') strcat(input_path, "/"); ++i; @@ -417,7 +419,19 @@ int main(int argc, char ** argv) for (unsigned int x = 0; x < map_count; ++x) { map_ids[x].id = dbc->getRecord(x).getUInt(0); - strcpy(map_ids[x].name, dbc->getRecord(x).getString(1)); + + const char* map_name = dbc->getRecord(x).getString(1); + size_t max_map_name_length = sizeof(map_ids[x].name); + if (strlen(map_name) >= max_map_name_length) + { + delete dbc; + delete[] map_ids; + printf("FATAL ERROR: Map name too long.\n"); + return 1; + } + + strncpy(map_ids[x].name, map_name, max_map_name_length); + map_ids[x].name[max_map_name_length - 1] = '\0'; printf("Map - %s\n", map_ids[x].name); } |
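Review bot: After the bounded copy in `processArgv`, `strcat(input_path, "/")` can still write one byte past the buffer: when the argument fills `input_path` to its last usable character and does not end in a slash, no room is left for the appended `/` and its terminator. An empty argument is also unsafe, because `input_path[strlen(input_path) - 1]` then indexes before the start of the array. The copy also truncates silently, whereas `HandleArgs` in map_extractor, changed in this same commit, rejects over-long paths. Rejecting before the copy would cover all three: `size_t const len = strlen(argv[i + 1]); if (len == 0 || len + 2 > sizeof(input_path)) return false;`. This assumes `input_path` is an array, as the `sizeof` use implies, and that `false` is the function's error result; neither is visible in the hunk.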