Add safeguard against buffer overflow when calling scanf.

[gnushogi.git] / gnushogi / commondsp.c

diff --git a/gnushogi/commondsp.c b/gnushogi/commondsp.c
index 50dc032..ea38293 100644 (file)
--- a/gnushogi/commondsp.c
+++ b/gnushogi/commondsp.c
@@ -4,11 +4,14 @@
  *     Common display routines for GNU Shogi.
  *
  * ----------------------------------------------------------------------
- *
- * Copyright (c) 2012 Free Software Foundation
+ * Copyright (c) 1993, 1994, 1995 Matthias Mutz
+ * Copyright (c) 1999 Michael Vanier and the Free Software Foundation
  *
  * GNU SHOGI is based on GNU CHESS
  *
+ * Copyright (c) 1988, 1989, 1990 John Stanback
+ * Copyright (c) 1992 Free Software Foundation
+ *
  * This file is part of GNU SHOGI.
  *
  * GNU Shogi is free software; you can redistribute it and/or modify it
@@ -125,6 +128,17 @@ movealgbr(short m, char *s)
 
 /*
  * Generate move strings in different formats.
+ *
+ * INPUT:
+ * - f                                 piece to be moved
+ *   - 0 < f < NO_SQUARES                              source square
+ *   - NO_SQUARES <= f NO_SQUARES + 2*NO_PIECES                dropped piece modulo NO_PIECES
+ * - t & 0x7f                          target square
+ * - t & 0x80                          promotion flag
+ * - flag                              FIXME: must be zero ?
+ *
+ * OUTPUT:
+ * - GLOBAL mvstr
  */
 
 void
@@ -150,12 +164,8 @@ algbr(short f, short t, short flag)
 
     if ((f == t) && ((f != 0) || (t != 0)))
     {
-        if (!barebones)
-        {
-            if (NOT_CURSES)
-                printf("error in algbr: FROM=TO=%d, flag=0x%4x\n", t, flag);
-            else
-                printw("error in algbr: FROM=TO=%d, flag=0x%4x\n", t, flag);
+        if (!barebones) {
+            Printf("error in algbr: FROM=TO=%d, flag=0x%4x\n", t, flag);
         }
 
         mvstr[0][0] = mvstr[1][0] = mvstr[2][0] = mvstr[3][0] = '\0';
@@ -386,17 +396,17 @@ parser(char *f, int side, short *fpiece)
 
     if (f[1] == '*' || f[1] == '\'')
     {
-        c2 = '9' - f[2];
-        r2 = 'i' - f[3];
+        c2 = COL_NAME(f[2]);
+        r2 = ROW_NAME(f[3]);
 
         return ((NO_SQUARES + *fpiece) << 8) | locn(r2, c2);
     }
     else
     {
-        c1 = '9' - f[1];
-        r1 = 'i' - f[2];
-        c2 = '9' - f[3];
-        r2 = 'i' - f[4];
+        c1 = COL_NAME(f[1]);
+        r1 = ROW_NAME(f[2]);
+        c2 = COL_NAME(f[3]);
+        r2 = ROW_NAME(f[4]);
         p = (f[5] == '+') ? 0x80 : 0;
 
         return (locn(r1, c1) << 8) | locn(r2, c2) | p;
@@ -434,24 +444,12 @@ GetGame(void)
     short sq;
     short side, isp;
 
-    if (savefile[0])
-    {
+    if (savefile[0]) {
         strcpy(fname, savefile);
-    }
-    else
-    {
+    } else {
         /* Enter file name */
         ShowMessage(CP[63]);
-
-        if (NOT_CURSES)
-        {
-            scanf("%s", fname);
-        }
-        else
-        {
-            fflush(stdout);
-            scanw("%s", fname);
-        }
+        RequestInputString(fname, sizeof(fname)-1);
     }
 
     /* shogi.000 */
@@ -671,24 +669,12 @@ SaveGame(void)
     short side, piece;
     char empty[2] = "\n";
 
-    if (savefile[0])
-    {
+    if (savefile[0]) {
         strcpy(fname, savefile);
-    }
-    else
-    {
+    } else {
         /* Enter file name */
         ShowMessage(CP[63]);
-
-        if (NOT_CURSES)
-        {
-            scanf("%s", fname);
-        }
-        else
-        {
-            fflush(stdout);
-            scanw("%s", fname);
-        }
+        RequestInputString(fname, sizeof(fname)-1);
     }
 
     if (fname[0] == '\0')        /* shogi.000 */
@@ -716,7 +702,7 @@ SaveGame(void)
 
         for (i = NO_ROWS - 1; i > -1; i--)
         {
-            fprintf(fd, "%c ", 'i' - i);
+            fprintf(fd, "%c ", ROW_NAME(i));
 
             for (c = 0; c < NO_COLS; c++)
             {
@@ -751,7 +737,7 @@ SaveGame(void)
         }
 
         fputs(empty, fd);
-        fprintf(fd, "   9 8 7 6 5 4 3 2 1\n");
+        fprintf(fd, "   9 8 7 6 5 4 3 2 1\n");    /* FIXME */
         fputs(empty, fd);
         fprintf(fd, "   p  l  n  s  g  b  r  k\n");
 
@@ -832,16 +818,7 @@ GetXGame(void)
 
     /* Enter file name */
     ShowMessage(CP[63]);
-
-    if (NOT_CURSES)
-    {
-        scanf("%s", fname);
-    }
-    else
-    {
-        fflush(stdout);
-        scanw("%s", fname);
-    }
+    RequestInputString(fname, sizeof(fname)-1);
 
     if (fname[0] == '\0') /* XSHOGI.position.read */
         strcpy(fname, CP[205]);
@@ -969,16 +946,7 @@ SaveXGame(void)
 
     /* Enter file name */
     ShowMessage(CP[63]);
-
-    if (NOT_CURSES)
-    {
-        scanf("%s", fname);
-    }
-    else
-    {
-        fflush(stdout);
-        scanw("%s", fname);
-    }
+    RequestInputString(fname, sizeof(fname)-1);
 
     if (fname[0] == '\0') /* XSHOGI.position.read */
         strcpy(fname, CP[205]);
@@ -1051,24 +1019,12 @@ BookSave(void)
     char fname[256], sflags[4];
     short i, j, f, t;
 
-    if (savefile[0])
-    {
+    if (savefile[0]) {
         strcpy(fname, savefile);
-    }
-    else
-    {
+    } else {
         /* Enter file name */
         ShowMessage(CP[63]);
-
-        if (NOT_CURSES)
-        {
-            scanf("%s", fname);
-        }
-        else
-        {
-            fflush(stdout);
-            scanw("%s", fname);
-        }
+        RequestInputString(fname, sizeof(fname)-1);
     }
 
     if (fname[0] == '\0')
@@ -1731,8 +1687,8 @@ InputCommand(char *command)
             {
                 s[0] = sx[0] = '\0';
 
-                while(!sx[0])
-                    (void)fgets(sx, 80, stdin);
+                while(!eof && !sx[0])
+                    eof = (fgets(sx, 80, stdin) == NULL);
             }
             else
             {
@@ -2147,8 +2103,6 @@ InputCommand(char *command)
         printf("\n");
 #endif
     }
-
-    signal(SIGUSR1, TerminateSearch);
 }