From 04280439674dfa8bb41eb91084acb741c2ce19ee Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Tue, 2 May 2023 16:47:57 +1000
Subject: [PATCH] BLI_string: add BLI_strncat, replace use of strcat that could overflow
---
 source/blender/blenkernel/intern/movieclip.c | 3 +--
 source/blender/blenkernel/intern/writeavi.c | 2 +-
 .../blender/blenkernel/intern/writeffmpeg.c | 19 +++++++++++--------
 source/blender/blenlib/BLI_string.h | 3 +++
 source/blender/blenlib/intern/string.c | 13 +++++++++++++
 .../editors/interface/interface_ops.cc | 2 +-
 .../io/usd/intern/usd_writer_volume.cc | 4 ++--
 7 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/source/blender/blenkernel/intern/movieclip.c b/source/blender/blenkernel/intern/movieclip.c
index 284d529afce..545b5d0acda 100644
--- a/source/blender/blenkernel/intern/movieclip.c
+++ b/source/blender/blenkernel/intern/movieclip.c
@@ -545,8 +545,7 @@ static void get_proxy_filepath(const MovieClip *clip,
 BLI_path_abs(filepath, BKE_main_blendfile_path_from_global());
 BLI_path_frame(filepath, 1, 0);
-
- strcat(filepath, ".jpg");
+ BLI_strncat(filepath, ".jpg", FILE_MAX);
 }
 #ifdef WITH_OPENEXR
diff --git a/source/blender/blenkernel/intern/writeavi.c b/source/blender/blenkernel/intern/writeavi.c
index d51bfec1899..accff94a3b5 100644
--- a/source/blender/blenkernel/intern/writeavi.c
+++ b/source/blender/blenkernel/intern/writeavi.c
@@ -165,7 +165,7 @@ static void filepath_avi(char *string, const RenderData *rd, bool preview, const
 if (rd->scemode & R_EXTENSION) {
 if (!BLI_path_extension_check(string, ".avi")) {
 BLI_path_frame_range(string, sfra, efra, 4);
- strcat(string, ".avi");
+ BLI_strncat(string, ".avi", FILE_MAX);
 }
 }
 else {
diff --git a/source/blender/blenkernel/intern/writeffmpeg.c b/source/blender/blenkernel/intern/writeffmpeg.c
index 06eb9bb895a..2f96938e183 100644
--- a/source/blender/blenkernel/intern/writeffmpeg.c
+++ b/source/blender/blenkernel/intern/writeffmpeg.c
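Review bot: In get_proxy_filepath (movieclip.c) a path that is already close to FILE_MAX now loses part or all of the `.jpg` suffix silently, because `BLI_strncat` truncates and the call ignores the outcome. The function still hands back a valid-looking name, so later code may read or write a different file than the one intended. The same applies to the `.avi` append in writeavi.c, the extension appends in writeffmpeg.c and both calls in usd_writer_volume.cc, where the truncated directory path goes straight to `BLI_dir_create_recursive`. A length check before the append, for example `if (strlen(filepath) + sizeof(".jpg") > FILE_MAX) { /* report: proxy path too long */ }`, would make the case visible; the function body starts outside the hunk.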
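Review bot: The bound passed in filepath_avi (writeavi.c) is the constant `FILE_MAX`, but the hunk header shows the buffer declared as `char *string`, so nothing in the signature says the caller's buffer is that large. If any caller passes a smaller buffer, `BLI_strncat(string, ".avi", FILE_MAX)` can still write past its end. get_proxy_filepath in movieclip.c presumably takes its buffer the same way (its parameter list is outside the hunk). Declaring the parameter as `char string[FILE_MAX]`, as this commit does for ffmpeg_filepath_get, would at least record the contract at the declaration.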
@@ -1357,8 +1357,11 @@ static void flush_ffmpeg(AVCodecContext *c, AVStream *stream, AVFormatContext *o
 * ********************************************************************** */
 /* Get the output filename-- similar to the other output formats */
-static void ffmpeg_filepath_get(
- FFMpegContext *context, char *string, const RenderData *rd, bool preview, const char *suffix)
+static void ffmpeg_filepath_get(FFMpegContext *context,
+ char string[FILE_MAX],
+ const RenderData *rd,
+ bool preview,
+ const char *suffix)
 {
 char autosplit[20];
@@ -1379,7 +1382,7 @@ static void ffmpeg_filepath_get(
 efra = rd->efra;
 }
- strcpy(string, rd->pic);
+ BLI_strncpy(string, rd->pic, FILE_MAX);
 BLI_path_abs(string, BKE_main_blendfile_path_from_global());
 BLI_make_existing_file(string);
@@ -1401,15 +1404,15 @@ static void ffmpeg_filepath_get(
 }
 if (*fe == NULL) {
- strcat(string, autosplit);
+ BLI_strncat(string, autosplit, FILE_MAX);
 BLI_path_frame_range(string, sfra, efra, 4);
- strcat(string, *exts);
+ BLI_strncat(string, *exts, FILE_MAX);
 }
 else {
 *(string + strlen(string) - strlen(*fe)) = '\0';
- strcat(string, autosplit);
- strcat(string, *fe);
+ BLI_strncat(string, autosplit, FILE_MAX);
+ BLI_strncat(string, *fe, FILE_MAX);
 }
 }
 else {
@@ -1417,7 +1420,7 @@ static void ffmpeg_filepath_get(
 BLI_path_frame_range(string, sfra, efra, 4);
 }
- strcat(string, autosplit);
+ BLI_strncat(string, autosplit, FILE_MAX);
 }
 BLI_path_suffix(string, FILE_MAX, suffix, "");
diff --git a/source/blender/blenlib/BLI_string.h b/source/blender/blenlib/BLI_string.h
index 87749e90e77..2daec88ffb6 100644
--- a/source/blender/blenlib/BLI_string.h
+++ b/source/blender/blenlib/BLI_string.h
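Review bot: The comment above ffmpeg_filepath_get (writeffmpeg.c, first hunk) does not state the buffer contract that the new `char string[FILE_MAX]` parameter implies. An array declarator in a parameter list is not enforced by the compiler, so the requirement should also be written down for readers and callers. I would extend the comment to `/* Get the output filename, similar to the other output formats; 'string' must hold at least FILE_MAX bytes and the result is truncated to fit. */`. The function body runs past the hunks shown here.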
@@ -109,6 +109,9 @@ size_t BLI_strncpy_rlen(char *__restrict dst,
 size_t BLI_strcpy_rlen(char *__restrict dst, const char *__restrict src) ATTR_WARN_UNUSED_RESULT
 ATTR_NONNULL();
+char *BLI_strncat(char *__restrict dst, const char *__restrict src, size_t maxncpy)
+ ATTR_NONNULL(1, 2);
+
 /**
 * Return the range of the quoted string (excluding quotes) `str` after `prefix`.
 *
diff --git a/source/blender/blenlib/intern/string.c b/source/blender/blenlib/intern/string.c
index afb1a92c02a..1c492524b3f 100644
--- a/source/blender/blenlib/intern/string.c
+++ b/source/blender/blenlib/intern/string.c
@@ -138,6 +138,19 @@ size_t BLI_strcpy_rlen(char *__restrict dst, const char *__restrict src)
 return srclen;
 }
+/* -------------------------------------------------------------------- */
+/** \name String Append
+ * \{ */
+
+char *BLI_strncat(char *__restrict dst, const char *__restrict src, const size_t maxncpy)
+{
+ size_t len = BLI_strnlen(dst, maxncpy);
+ if (len < maxncpy) {
+ BLI_strncpy(dst + len, src, maxncpy - len);
+ }
+ return dst;
+}
+
 /** \} */
 /* -------------------------------------------------------------------- */
diff --git a/source/blender/editors/interface/interface_ops.cc b/source/blender/editors/interface/interface_ops.cc
index 6cd87cdbd2b..f7391c7a58a 100644
--- a/source/blender/editors/interface/interface_ops.cc
+++ b/source/blender/editors/interface/interface_ops.cc
@@ -1900,7 +1900,7 @@ static void edittranslation_find_po_file(const char *root,
 }
 BLI_path_join(path, maxlen, root, tstr);
- strcat(tstr, ".po");
+ BLI_strncat(tstr, ".po", sizeof(tstr));
 BLI_path_append(path, maxlen, tstr);
 if (BLI_is_file(path)) {
 return;
diff --git a/source/blender/io/usd/intern/usd_writer_volume.cc b/source/blender/io/usd/intern/usd_writer_volume.cc
index 982a1ba8789..2b9e5a6558a 100644
--- a/source/blender/io/usd/intern/usd_writer_volume.cc
+++ b/source/blender/io/usd/intern/usd_writer_volume.cc
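Review bot: The new `BLI_strncat` declaration in BLI_string.h has no doc comment, and its third argument does not mean what the name suggests: `maxncpy` is the total size of `dst`, whereas the `n` of the C library's strncat() is the number of bytes to take from `src`. A caller who carries over the strncat() habit will pass the wrong number. I would add above the declaration: `/** Append \a src to \a dst. \a maxncpy is the full size of the \a dst buffer including the terminator (not the number of bytes to append); the result is truncated to fit. */`.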
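Review bot: When `dst` has no terminator within `maxncpy` bytes, `len == maxncpy` and BLI_strncat (string.c) returns without writing, so the caller gets back a buffer that is still unterminated and has no way to tell. That is a caller bug worth catching in debug builds; assuming `BLI_assert` is available in string.c, `BLI_assert(len < maxncpy);` before the `if` would do it. The diffstat also lists no test file: a full `dst`, an empty `src` and a `src` longer than the remaining space are the boundary cases I would pin.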
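Review bot: `sizeof(tstr)` in edittranslation_find_po_file (interface_ops.cc) is the buffer size only if `tstr` is an array declared in this function, and its declaration is outside the hunk. The neighbouring calls pass `maxlen` for `path`, which suggests buffers here can arrive as pointers; for a pointer, `sizeof` yields the pointer width and the `.po` suffix could be cut. Please confirm `tstr` is a local array, or pass its declared size explicitly.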
@@ -138,7 +138,7 @@ std::optional USDVolumeWriter::construct_vdb_file_path(const Volume
 char vdb_directory_path[FILE_MAX];
 BLI_strncpy(vdb_directory_path, usd_directory_path, FILE_MAX);
- strcat(vdb_directory_path, vdb_directory_name);
+ BLI_strncat(vdb_directory_path, vdb_directory_name, sizeof(vdb_directory_path));
 BLI_dir_create_recursive(vdb_directory_path);
 char vdb_file_name[FILE_MAXFILE];
@@ -149,7 +149,7 @@ std::optional USDVolumeWriter::construct_vdb_file_path(const Volume
 const int num_frame_digits = frame == 0 ? 1 : integer_digits_i(abs(frame));
 BLI_path_frame(vdb_file_name, frame, num_frame_digits);
 }
- strcat(vdb_file_name, ".vdb");
+ BLI_strncat(vdb_file_name, ".vdb", sizeof(vdb_file_name));
 char vdb_file_path[FILE_MAX];
 BLI_path_join(vdb_file_path, sizeof(vdb_file_path), vdb_directory_path, vdb_file_name);
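Review bot: In construct_vdb_file_path (usd_writer_volume.cc, first hunk) the bound for the same buffer is written two ways on adjacent lines: the unchanged `BLI_strncpy` uses `FILE_MAX` and the new `BLI_strncat` uses `sizeof(vdb_directory_path)`. Both are correct today because the array is declared `char vdb_directory_path[FILE_MAX]` in the hunk, but the `sizeof` form is the one that stays correct if the declaration changes. I would bring the copy in line: `BLI_strncpy(vdb_directory_path, usd_directory_path, sizeof(vdb_directory_path));`. The function body starts and ends outside the hunk.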