From 7d06843ea7eb322ab2ebd3adfeb13d19ff39f899 Mon Sep 17 00:00:00 2001
From: Dimitris Panokostas <midwan@gmail.com>
Date: Fri, 8 Feb 2019 20:46:43 +0100
Subject: [PATCH] Fixed potential buffer overflow situations in gui Panels

---
 src/osdep/gui/PanelConfig.cpp     | 4 ++--
 src/osdep/gui/PanelCustom.cpp     | 9 ++++-----
 src/osdep/gui/PanelDisplay.cpp    | 2 +-
 src/osdep/gui/PanelQuickstart.cpp | 2 +-
 src/osdep/gui/SelectFile.cpp      | 6 +++---
 src/osdep/gui/SelectFolder.cpp    | 4 ++--
 src/osdep/gui/SelectorEntry.cpp   | 2 +-
 src/osdep/gui/main_window.cpp     | 4 ++--
 8 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/src/osdep/gui/PanelConfig.cpp b/src/osdep/gui/PanelConfig.cpp
index 28a3fa17..4a4cbb49 100644
--- a/src/osdep/gui/PanelConfig.cpp
+++ b/src/osdep/gui/PanelConfig.cpp
@@ -95,7 +95,7 @@ public:
 			if (strlen(i->Description) > 0)
 			{
 				strncat(tmp, " (", MAX_DPATH - 1);
-				strncat(tmp, i->Description, MAX_DPATH - 1);
+				strncat(tmp, i->Description, MAX_DPATH - 3);
 				strncat(tmp, ")", MAX_DPATH - 1);
 			}
 			configs.emplace_back(tmp);
@@ -142,7 +142,7 @@ public:
 			{
 				fetch_configurationpath(filename, MAX_DPATH);
 				strncat(filename, txtName->getText().c_str(), MAX_DPATH - 1);
-				strncat(filename, ".uae", MAX_DPATH);
+				strncat(filename, ".uae", MAX_DPATH - 1);
 				strncpy(changed_prefs.description, txtDesc->getText().c_str(), 256);
 				if (cfgfile_save(&changed_prefs, filename, 0))
 					RefreshPanelConfig();
diff --git a/src/osdep/gui/PanelCustom.cpp b/src/osdep/gui/PanelCustom.cpp
index 1230fddd..d1d43173 100644
--- a/src/osdep/gui/PanelCustom.cpp
+++ b/src/osdep/gui/PanelCustom.cpp
@@ -466,12 +466,11 @@ void InitPanelCustom(const struct _ConfigCategory& category)
 	auto posY = 144 + 40;
 	for (i = 0; i < 7; ++i)
 	{
-		category.panel->add(lblCustomAction[i], DISTANCE_BORDER/2, posY);
-		category.panel->add(cboCustomAction[i], DISTANCE_BORDER/2 + lblCustomAction[i]->getWidth() + 4, posY);
+		category.panel->add(lblCustomAction[i], DISTANCE_BORDER / 2, posY);
+		category.panel->add(cboCustomAction[i], DISTANCE_BORDER / 2 + lblCustomAction[i]->getWidth() + 4, posY);
 		posY = posY + DROPDOWN_HEIGHT + 6;
 	}
 
-
 	posY = 144 + 40;
 	for (i = 7; i < 14; ++i)
 	{
@@ -479,8 +478,8 @@ void InitPanelCustom(const struct _ConfigCategory& category)
 		category.panel->add(cboCustomAction[i], DISTANCE_BORDER + lblCustomAction[i]->getWidth() + 290 + 4, posY);
 		posY = posY + DROPDOWN_HEIGHT + 6;
 	}
-        
-        category.panel->add(chkAnalogRemap, DISTANCE_BORDER + lblCustomAction[0]->getWidth(), posY);
+
+	category.panel->add(chkAnalogRemap, DISTANCE_BORDER + lblCustomAction[0]->getWidth(), posY);
 	posY += chkAnalogRemap->getHeight() + DISTANCE_NEXT_Y;
 
 	category.panel->add(lblPortInput, DISTANCE_BORDER, 144);
diff --git a/src/osdep/gui/PanelDisplay.cpp b/src/osdep/gui/PanelDisplay.cpp
index a470f6b4..eaec7a21 100644
--- a/src/osdep/gui/PanelDisplay.cpp
+++ b/src/osdep/gui/PanelDisplay.cpp
@@ -258,7 +258,7 @@ void InitPanelDisplay(const struct _ConfigCategory& category)
 	grpLineMode = new gcn::Window("Line mode");
 #ifdef USE_SDL2
 	grpLineMode->setPosition(
-		grpScalingMethod->getWidth() + DISTANCE_BORDER + DISTANCE_NEXT_X, 
+		grpScalingMethod->getWidth() + DISTANCE_BORDER + DISTANCE_NEXT_X,
 		posY - DISTANCE_BORDER - grpScalingMethod->getHeight() - DISTANCE_NEXT_Y);
 #else
 	grpLineMode->setPosition(DISTANCE_BORDER, posY);
diff --git a/src/osdep/gui/PanelQuickstart.cpp b/src/osdep/gui/PanelQuickstart.cpp
index e2dd13bd..40357a72 100644
--- a/src/osdep/gui/PanelQuickstart.cpp
+++ b/src/osdep/gui/PanelQuickstart.cpp
@@ -206,7 +206,7 @@ static void SetControlState(const int model)
 
 static void AdjustPrefs(void)
 {
-	const auto old_cs = changed_prefs.cs_compatible;
+	//const auto old_cs = changed_prefs.cs_compatible;
 
 	built_in_prefs(&changed_prefs, quickstart_model, quickstart_conf, 0, 0);
 	switch (quickstart_model)
diff --git a/src/osdep/gui/SelectFile.cpp b/src/osdep/gui/SelectFile.cpp
index 4cafe9e0..ff87e523 100644
--- a/src/osdep/gui/SelectFile.cpp
+++ b/src/osdep/gui/SelectFile.cpp
@@ -109,7 +109,7 @@ public:
 					return;
 				strncpy(tmp, workingDir, MAX_DPATH - 1);
 				strncat(tmp, "/", MAX_DPATH - 1);
-				strncat(tmp, txtFilename->getText().c_str(), MAX_DPATH - 1);
+				strncat(tmp, txtFilename->getText().c_str(), MAX_DPATH - 2);
 				if (strstr(tmp, filefilter[0]) == nullptr)
 					strncat(tmp, filefilter[0], MAX_DPATH - 1);
 				if (my_existsfile(tmp) == 1)
@@ -122,7 +122,7 @@ public:
 				if (fileList->isDir(selected_item))
 					return; // Directory selected -> Ok not possible
 				strncat(workingDir, "/", MAX_DPATH - 1);
-				strncat(workingDir, fileList->getElementAt(selected_item).c_str(), MAX_DPATH - 1);
+				strncat(workingDir, fileList->getElementAt(selected_item).c_str(), MAX_DPATH - 2);
 				dialogResult = true;
 			}
 		}
@@ -176,7 +176,7 @@ public:
 		const auto selected_item = lstFiles->getSelected();
 		strncpy(foldername, workingDir, MAX_DPATH);
 		strncat(foldername, "/", MAX_DPATH - 1);
-		strncat(foldername, fileList->getElementAt(selected_item).c_str(), MAX_DPATH - 1);
+		strncat(foldername, fileList->getElementAt(selected_item).c_str(), MAX_DPATH - 2);
 		if (fileList->isDir(selected_item))
 			checkfoldername(foldername);
 		else if (!createNew)
diff --git a/src/osdep/gui/SelectFolder.cpp b/src/osdep/gui/SelectFolder.cpp
index 4f7a7d45..a4f33ad3 100644
--- a/src/osdep/gui/SelectFolder.cpp
+++ b/src/osdep/gui/SelectFolder.cpp
@@ -125,7 +125,7 @@ public:
 		const auto selected_item = lstFolders->getSelected();
 		strncpy(foldername, workingDir, MAX_DPATH - 1);
 		strncat(foldername, "/", MAX_DPATH - 1);
-		strncat(foldername, dirList.getElementAt(selected_item).c_str(), MAX_DPATH - 1);
+		strncat(foldername, dirList.getElementAt(selected_item).c_str(), MAX_DPATH - 2);
 		volName = dirList.getElementAt(selected_item);
 		checkfoldername(foldername);
 	}
@@ -369,7 +369,7 @@ bool SelectFolder(const char* title, char* value)
 	{
 		strncpy(value, workingDir, MAX_DPATH);
 		if (value[strlen(value) - 1] != '/')
-			strncat(value, "/", MAX_DPATH);
+			strncat(value, "/", MAX_DPATH - 1);
 	}
 	return dialogResult;
 }
diff --git a/src/osdep/gui/SelectorEntry.cpp b/src/osdep/gui/SelectorEntry.cpp
index 27c8e86e..6d9425f6 100644
--- a/src/osdep/gui/SelectorEntry.cpp
+++ b/src/osdep/gui/SelectorEntry.cpp
@@ -27,7 +27,7 @@ namespace gcn
 		label = new Label(caption);
 		label->setHeight(16);
 
-		Image* img = Image::load(imagepath);
+		auto img = Image::load(imagepath);
 		icon = new Icon(img);
 		icon->setSize(16, 16);
 
diff --git a/src/osdep/gui/main_window.cpp b/src/osdep/gui/main_window.cpp
index e535336a..306b5a31 100644
--- a/src/osdep/gui/main_window.cpp
+++ b/src/osdep/gui/main_window.cpp
@@ -791,8 +791,8 @@ namespace widgets
 					strncat(tmp, last_loaded_config, MAX_DPATH - 1);
 				else
 				{
-					strncat(tmp, OPTIONSFILENAME, MAX_DPATH);
-					strncat(tmp, ".uae", MAX_DPATH);
+					strncat(tmp, OPTIONSFILENAME, MAX_DPATH - 1);
+					strncat(tmp, ".uae", MAX_DPATH - 10);
 				}
 				uae_restart(-1, tmp);
 				gui_running = false;