From 33beceadd373089e33d2a966451da0895b228314 Mon Sep 17 00:00:00 2001
From: Dan Cross <patchdev@fat-dragon.org>
Date: Thu, 11 Oct 2018 10:51:05 +0000
Subject: [PATCH] CuTest: add Makefile, remove unsafe string operations

Replace unsafe string operations (strcpy, strcat,
sprintf, vsprintf) with safe equivalents:

1. The one use of strcpy into an allocated buffer was
   replaced with strdup.
2. The one use of strcat was replaced with a call to
   memmove and explicitly setting the NUL terminating
   byte.
3. sprintf()/vsprintf() calls were replaced with calls
   to snprintf()/vsnprintf(), respectively.

Added a Makefile to build the library as, er, a library
and run the test suite.

Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
---
 deps/cutest-1.5/CuTest.c     | 18 ++++++++----------
 deps/cutest-1.5/CuTestTest.c |  8 +++++---
 deps/cutest-1.5/Makefile     | 16 ++++++++++++++++
 3 files changed, 29 insertions(+), 13 deletions(-)
 create mode 100644 deps/cutest-1.5/Makefile

diff --git a/deps/cutest-1.5/CuTest.c b/deps/cutest-1.5/CuTest.c
index 8f61199..bd626cb 100644
--- a/deps/cutest-1.5/CuTest.c
+++ b/deps/cutest-1.5/CuTest.c
@@ -19,10 +19,7 @@ char* CuStrAlloc(int size)
 
 char* CuStrCopy(const char* old)
 {
-	int len = strlen(old);
-	char* newStr = CuStrAlloc(len + 1);
-	strcpy(newStr, old);
-	return newStr;
+	return strdup(old);
 }
 
 /*-------------------------------------------------------------------------*
@@ -71,8 +68,9 @@ void CuStringAppend(CuString* str, const char* text)
 	length = strlen(text);
 	if (str->length + length + 1 >= str->size)
 		CuStringResize(str, str->length + length + 1 + STRING_INC);
+	memmove(str->buffer + str->length, text, length);
 	str->length += length;
-	strcat(str->buffer, text);
+	str->buffer[str->length] = '\0';
 }
 
 void CuStringAppendChar(CuString* str, char ch)
@@ -88,7 +86,7 @@ void CuStringAppendFormat(CuString* str, const char* format, ...)
 	va_list argp;
 	char buf[HUGE_STRING_LEN];
 	va_start(argp, format);
-	vsprintf(buf, format, argp);
+	vsnprintf(buf, sizeof buf, format, argp);
 	va_end(argp);
 	CuStringAppend(str, buf);
 }
@@ -149,7 +147,7 @@ static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* str
 {
 	char buf[HUGE_STRING_LEN];
 
-	sprintf(buf, "%s:%d: ", file, line);
+	snprintf(buf, sizeof buf, "%s:%d: ", file, line);
 	CuStringInsert(string, buf, 0);
 
 	tc->failed = 1;
@@ -207,7 +205,7 @@ void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const cha
 {
 	char buf[STRING_MAX];
 	if (expected == actual) return;
-	sprintf(buf, "expected <%d> but was <%d>", expected, actual);
+	snprintf(buf, sizeof buf, "expected <%d> but was <%d>", expected, actual);
 	CuFail_Line(tc, file, line, message, buf);
 }
 
@@ -216,7 +214,7 @@ void CuAssertDblEquals_LineMsg(CuTest* tc, const char* file, int line, const cha
 {
 	char buf[STRING_MAX];
 	if (fabs(expected - actual) <= delta) return;
-	sprintf(buf, "expected <%f> but was <%f>", expected, actual); 
+	snprintf(buf, sizeof buf, "expected <%f> but was <%f>", expected, actual); 
 
 	CuFail_Line(tc, file, line, message, buf);
 }
@@ -226,7 +224,7 @@ void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const cha
 {
 	char buf[STRING_MAX];
 	if (expected == actual) return;
-	sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
+	snprintf(buf, sizeof buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
 	CuFail_Line(tc, file, line, message, buf);
 }
 
diff --git a/deps/cutest-1.5/CuTestTest.c b/deps/cutest-1.5/CuTestTest.c
index 547f119..a6689b4 100644
--- a/deps/cutest-1.5/CuTestTest.c
+++ b/deps/cutest-1.5/CuTestTest.c
@@ -213,7 +213,8 @@ void TestCuAssertPtrEquals_Failure(CuTest* tc)
 	CuTestInit(&tc2, "MyTest", TestPasses);
 
 	/* test failing case */
-	sprintf(expected_message, "expected pointer <0x%p> but was <0x%p>", nullPtr, &x);
+	snprintf(expected_message, sizeof expected_message,
+	         "expected pointer <0x%p> but was <0x%p>", nullPtr, &x);
 	CuAssertPtrEquals(&tc2, NULL, &x);
 	CuAssertTrue(tc, tc2.failed);
 	CompareAsserts(tc, "CuAssertPtrEquals failed", expected_message, tc2.message);
@@ -638,8 +639,9 @@ void TestAssertDblEquals(CuTest* tc)
 	CuTest *tc2 = CuTestNew("TestAssertDblEquals", zTestFails);
 	char expected[STRING_MAX];
 	char expectedMsg[STRING_MAX];
-	sprintf(expected, "expected <%lf> but was <%lf>", x, y);
-	sprintf(expectedMsg, "some text: expected <%lf> but was <%lf>", x, y);
+	snprintf(expected, sizeof expected, "expected <%lf> but was <%lf>", x, y);
+	snprintf(expectedMsg, sizeof expectedMsg,
+	         "some text: expected <%lf> but was <%lf>", x, y);
 
 	CuTestInit(tc2, "TestAssertDblEquals", TestPasses);
 
diff --git a/deps/cutest-1.5/Makefile b/deps/cutest-1.5/Makefile
new file mode 100644
index 0000000..6722047
--- /dev/null
+++ b/deps/cutest-1.5/Makefile
@@ -0,0 +1,16 @@
+LIB=		libcutest.a
+
+OBJS=		CuTest.o
+
+$(LIB):		$(OBJS)
+		ar ru $(LIB) $(OBJS)
+		ranlib $(LIB)
+
+$(OBJS):	CuTest.h
+
+test:		$(LIB)
+		$(CC) -o AllTests AllTests.c CuTestTest.c $(LIB)
+		./AllTests
+
+clean:
+		rm -f AllTests *.o $(LIB)