CINE: Avoid possible string buffer overrun by using strlcpy and strlcat

engines/cine/anim.cpp

@@ -287,7 +287,7 @@ void AnimData::load(byte *d, int type, uint16 w, uint16 h, int16 file,
 	_fileIdx = file;
 	_frameIdx = frame;
 	memset(_name, 0, sizeof(_name));
-	strcpy(_name, n);
+	Common::strlcpy(_name, n, sizeof(_name));
 	_realWidth = w;
 
 	switch (type) {

engines/cine/bg.cpp

@@ -48,7 +48,7 @@ byte loadCtFW(const char *ctName) {
 	}
 
 	if (currentCtName != ctName)
-		strcpy(currentCtName, ctName);
+		Common::strlcpy(currentCtName, ctName, sizeof(currentCtName));
 
 	ptr = dataPtr = readBundleFile(foundFileIdx);
 
@@ -75,7 +75,7 @@ byte loadCtOS(const char *ctName) {
 	}
 
 	if (currentCtName != ctName)
-		strcpy(currentCtName, ctName);
+		Common::strlcpy(currentCtName, ctName, sizeof(currentCtName));
 
 	ptr = dataPtr = readBundleFile(foundFileIdx);
 

engines/cine/gfx.cpp

@@ -730,7 +730,7 @@ void FWRenderer::loadBg16(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_background);
 
-	strcpy(_bgName, name);
+	Common::strlcpy(_bgName, name, sizeof(_bgName));
 
 	// Load the 16 color palette
 	_backupPal.load(bg, kLowPalNumBytes, kLowPalFormat, kLowPalNumColors, CINE_BIG_ENDIAN);
@@ -1403,7 +1403,7 @@ void OSRenderer::loadBg16(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_bgTable[idx].bg);
 
-	strcpy(_bgTable[idx].name, name);
+	Common::strlcpy(_bgTable[idx].name, name, sizeof(_bgTable[idx].name));
 
 	// Load the 16 color palette
 	_bgTable[idx].pal.load(bg, kLowPalNumBytes, kLowPalFormat, kLowPalNumColors, CINE_BIG_ENDIAN);
@@ -1441,7 +1441,7 @@ void OSRenderer::loadBg256(const byte *bg, const char *name, unsigned int idx) {
 
 	assert(_bgTable[idx].bg);
 
-	strcpy(_bgTable[idx].name, name);
+	Common::strlcpy(_bgTable[idx].name, name, sizeof(_bgTable[idx].name));
 	_bgTable[idx].pal.load(bg, kHighPalNumBytes, kHighPalFormat, kHighPalNumColors, CINE_LITTLE_ENDIAN);
 	memcpy(_bgTable[idx].bg, bg + kHighPalNumBytes, _screenSize);
 }

engines/cine/pal.cpp

@@ -62,9 +62,9 @@ int16 findPaletteFromName(const char *fileName) {
 	uint16 position = 0;
 	uint16 i;
 
-	strcpy(buffer, fileName);
+	Common::strlcpy(buffer, fileName, sizeof(buffer));
 
-	while (position < strlen(fileName)) {
+	while (position < strlen(buffer)) {
 		if (buffer[position] > 'a' && buffer[position] < 'z') {
 			buffer[position] += 'A' - 'a';
 		}

engines/cine/part.cpp

@@ -47,7 +47,7 @@ void loadPart(const char *partName) {
 	g_cine->_partFileHandle.readUint16BE(); // entry size
 
 	if (currentPartName != partName)
-		strcpy(currentPartName, partName);
+		Common::strlcpy(currentPartName, partName, sizeof(currentPartName));
 
 	for (uint16 i = 0; i < g_cine->_partBuffer.size(); i++) {
 		g_cine->_partFileHandle.read(g_cine->_partBuffer[i].partName, 14);

engines/cine/script_fw.cpp

@@ -1419,19 +1419,19 @@ int FWScript::o1_loadNewPrcName() {
 	switch (param1) {
 	case 0:
 		debugC(5, kCineDebugScript, "Line: %d: loadPrc(\"%s\")", _line, param2);
-		strcpy(newPrcName, param2);
+		Common::strlcpy(newPrcName, param2, sizeof(newPrcName));
 		break;
 	case 1:
 		debugC(5, kCineDebugScript, "Line: %d: loadRel(\"%s\")", _line, param2);
-		strcpy(newRelName, param2);
+		Common::strlcpy(newRelName, param2, sizeof(newRelName));
 		break;
 	case 2:
 		debugC(5, kCineDebugScript, "Line: %d: loadObject(\"%s\")", _line, param2);
-		strcpy(newObjectName, param2);
+		Common::strlcpy(newObjectName, param2, sizeof(newObjectName));
 		break;
 	case 3:
 		debugC(5, kCineDebugScript, "Line: %d: loadMsg(\"%s\")", _line, param2);
-		strcpy(newMsgName, param2);
+		Common::strlcpy(newMsgName, param2, sizeof(newMsgName));
 		break;
 	}
 	return 0;

engines/cine/sound.cpp

@@ -813,7 +813,7 @@ bool PCSoundFxPlayer::load(const char *song) {
 			if (dot) {
 				*dot = '\0';
 			}
-			strcat(instrument, _driver->getInstrumentExtension());
+			Common::strlcat(instrument, _driver->getInstrumentExtension(), sizeof(instrument));
 			uint32 instrumentSize;
 			_instrumentsData[i] = readBundleSoundFile(instrument, &instrumentSize);
 			if (!_instrumentsData[i]) {