From edc7da8f7cf9dcd979c1152be1bcb8021d1e28e2 Mon Sep 17 00:00:00 2001
From: pancake <pancake@nopcode.org>
Date: Wed, 6 Jul 2011 09:40:23 +0200
Subject: [PATCH] * More strcpy/sprintf/strcat exterminations

---
 libr/anal/arch/x86/x86im/x86im_io.h |  1 +
 libr/anal/cc.c                      |  8 ++++----
 libr/anal/cond.c                    |  4 ++--
 libr/anal/op.c                      |  8 ++++----
 libr/bin/format/dex/dex.h           |  1 +
 libr/bin/p/bin_dex.c                |  2 +-
 libr/config/config.c                | 16 ++++++++--------
 libr/io/p/io_ptrace.c               |  2 +-
 libr/util/str.c                     |  7 +++++--
 9 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/libr/anal/arch/x86/x86im/x86im_io.h b/libr/anal/arch/x86/x86im/x86im_io.h
index 5445c8aba0..309dc64cfc 100644
--- a/libr/anal/arch/x86/x86im/x86im_io.h
+++ b/libr/anal/arch/x86/x86im/x86im_io.h
@@ -3000,6 +3000,7 @@
 #define X86IM_IO_SET_MODE_32BIT(x)                      ( (x)->mode |= X86IM_IO_MODE_32BIT )
 #define X86IM_IO_SET_MODE_64BIT(x)                      ( (x)->mode |= X86IM_IO_MODE_64BIT )
 
+// XXX: This is not fucking portable. at least not standard, and not supported by GCC
 #pragma pack( push, 1 )
 
 typedef struct _x86im_instr_object                      // x86 decoded/generated instruction:
diff --git a/libr/anal/cc.c b/libr/anal/cc.c
index beb7fcf717..26d3a1112f 100644
--- a/libr/anal/cc.c
+++ b/libr/anal/cc.c
@@ -40,7 +40,7 @@ R_API void r_anal_cc_reset (RAnalCC *cc) {
 R_API char *r_anal_cc_to_string (RAnal *anal, RAnalCC* cc) {
 	RSyscallItem *si;
 	RAnalFcn *fcn;
-	char str[1024], buf[32];
+	char str[1024], buf[64];
 	int i, eax = 0; // eax = arg0
 
 	str[0] = 0;
@@ -63,11 +63,11 @@ R_API char *r_anal_cc_to_string (RAnal *anal, RAnalCC* cc) {
 				const char *reg = r_syscall_reg (anal->syscall, i+1, si->args);
 				item = r_reg_get (anal->reg, reg, R_REG_TYPE_GPR);
 				if (item) {
-					sprintf (buf, "0x%"PFMT64x, r_reg_get_value (anal->reg, item));
-					strcat (str, buf);
+					snprintf (buf, sizeof (buf), "0x%"PFMT64x, r_reg_get_value (anal->reg, item));
+					strcat (str, buf); // XXX: do not use strcat
 				} else eprintf ("Unknown reg '%s'\n", reg);
 				if (i<si->args-1)
-					strcat (str, ",");
+					strcat (str, ","); // XXX: do not use strcat
 			}
 			strcat (str, ")");
 		} else snprintf (str, sizeof (str), "syscall[0x%x][%d]=?", (int)cc->jump, eax);
diff --git a/libr/anal/cond.c b/libr/anal/cond.c
index 5eb58c4bc8..2e8ecb8e88 100644
--- a/libr/anal/cond.c
+++ b/libr/anal/cond.c
@@ -71,7 +71,7 @@ R_API char *r_anal_cond_to_string(RAnalCond *cond) {
 	val0 = r_anal_value_to_string (cond->arg[0]);
 	val1 = r_anal_value_to_string (cond->arg[1]);
 	if (val0) {
-		if (R_ANAL_COND_SINGLE(cond)) {
+		if (R_ANAL_COND_SINGLE (cond)) {
 			if ( (out = malloc (strlen (val0) + 10)) )
 				sprintf (out, "%s%s", cnd, val0);
 		} else if ( (out = malloc (strlen (val0) + strlen (val1)+10)) )
@@ -84,7 +84,7 @@ R_API char *r_anal_cond_to_string(RAnalCond *cond) {
 
 R_API RAnalCond *r_anal_cond_new_from_op(RAnalOp *op) {
 	RAnalCond *cond;
-	if (!(cond = r_anal_cond_new()))
+	if (!(cond = r_anal_cond_new ()))
 		return NULL;
 	//v->reg[0] = op->src[0];
 	//v->reg[1] = op->src[1];
diff --git a/libr/anal/op.c b/libr/anal/op.c
index 88e520c63c..66ae2c0e7e 100644
--- a/libr/anal/op.c
+++ b/libr/anal/op.c
@@ -209,16 +209,16 @@ R_API char *r_anal_op_to_string(RAnal *anal, RAnalOp *op) {
 		ret[0] = '\0';
 		break;
 	case R_ANAL_OP_TYPE_NOP:
-		sprintf (ret, "nop");
+		memcpy (ret, "nop", 4);
 		break;
 	case R_ANAL_OP_TYPE_RET:
-		sprintf (ret, "ret");
+		memcpy (ret, "ret", 4);
 		break;
 	case R_ANAL_OP_TYPE_LEAVE:
-		sprintf (ret, "leave");
+		memcpy (ret, "leave", 6);
 		break;
 	default:
-		sprintf (ret, "// ?");
+		memcpy (ret, "// ?", 5);
 		break;
 	}
 	free (r0);
diff --git a/libr/bin/format/dex/dex.h b/libr/bin/format/dex/dex.h
index 6c18656c06..df9867658b 100644
--- a/libr/bin/format/dex/dex.h
+++ b/libr/bin/format/dex/dex.h
@@ -81,3 +81,4 @@ struct r_bin_dex_str_t *r_bin_dex_get_strings (struct r_bin_dex_obj_t* bin);
 
 int dex_read_uleb128 (const char *ptr);
 int dex_read_sleb128 (const char *ptr);
+int dex_uleb128_len (const char *ptr);
diff --git a/libr/bin/p/bin_dex.c b/libr/bin/p/bin_dex.c
index 8024127c57..707abc551f 100644
--- a/libr/bin/p/bin_dex.c
+++ b/libr/bin/p/bin_dex.c
@@ -68,7 +68,7 @@ static RList* strings (RBinArch *arch) {
 		len = dex_read_uleb128 (buf);
 		//	len = R_BIN_SIZEOF_STRINGS-1;
 		if (len>0 && len < R_BIN_SIZEOF_STRINGS) {
-			r_buf_read_at(bin->b, bin->strings[i]+dex_uleb128_len (buf),
+			r_buf_read_at (bin->b, bin->strings[i]+dex_uleb128_len (buf),
 					(ut8*)&ptr->string, len);
 			ptr->string[(int) len]='\0';
 			ptr->rva = ptr->offset = bin->strings[i];
diff --git a/libr/config/config.c b/libr/config/config.c
index 273670e645..8872f8b933 100644
--- a/libr/config/config.c
+++ b/libr/config/config.c
@@ -170,22 +170,22 @@ R_API RConfigNode *r_config_set_i(RConfig *cfg, const char *name, const ut64 i)
 	if (node) {
 		if (node->flags & CN_RO)
 			return NULL;
-		if (node->value)
+		if (node->value) {
+			free (node->value);
 			ov = strdup (node->value);
-		else node->value = strdup("");
-		free (node->value);
+		}
 		if (node->flags & CN_BOOL) {
-			node->value = strdup(i?"true":"false");
+			node->value = strdup (i? "true": "false");
 		} else {
-			sprintf (buf, "%"PFMT64d"", i); //0x%08lx", i);
-			node->value = strdup(buf);
+			snprintf (buf, sizeof (buf)-1, "%"PFMT64d, i);
+			node->value = strdup (buf);
 		}
 		//node->flags = CN_RW | CN_INT;
 		node->i_value = i;
 	} else {
 		if (!cfg->lock) {
-			if (i<1024) sprintf (buf, "%"PFMT64d"", i);
-			else sprintf (buf, "0x%08"PFMT64x"", i);
+			if (i<1024) snprintf (buf, sizeof (buf), "%"PFMT64d"", i);
+			else snprintf (buf, sizeof (buf), "0x%08"PFMT64x"", i);
 			node = r_config_node_new (name, buf);
 			node->flags = CN_RW | CN_OFFT;
 			node->i_value = i;
diff --git a/libr/io/p/io_ptrace.c b/libr/io/p/io_ptrace.c
index a591cb60ec..645354fc42 100644
--- a/libr/io/p/io_ptrace.c
+++ b/libr/io/p/io_ptrace.c
@@ -70,7 +70,7 @@ static int ptrace_write_at(int pid, const ut8 *pbuf, int sz, ut64 addr) {
 	if (last) {
 		lr = debug_read_raw (pid, (void*)at);
 		memcpy (&lr, buf+x, last);
-		if (debug_write_raw (pid, (void*)at, (void*)lr))
+		if (debug_write_raw (pid, (void*)at, lr))
 			return sz-last;
 	}
 	return sz; 
diff --git a/libr/util/str.c b/libr/util/str.c
index acb58cbdb1..5c80e9daeb 100644
--- a/libr/util/str.c
+++ b/libr/util/str.c
@@ -454,12 +454,15 @@ R_API void r_str_writef(int fd, const char *fmt, ...) {
  * return: the pointer ptr resized to string size.
  */
 R_API char *r_str_concat(char *ptr, const char *string) {
+	int slen, plen;
 	if (ptr == NULL)
 		return strdup (string);
-	ptr = realloc (ptr, strlen (string)+strlen (ptr)+1);
+	plen = strlen (ptr);
+	slen = strlen (string);
+	ptr = realloc (ptr, slen + plen + 1);
 	if (ptr == NULL)
 		return NULL;
-	strcat (ptr, string);
+	memcpy (ptr+plen, string, slen+1);
 	return ptr;
 }