`memcpy(a, b, strlen(b));` is just a complicated way of writing
`strcpy(a, b);`, but even more dangerous since it omits the null
terminator. `strcpy` on untrusted data is always unsafe, and this data
does not appear to be checked before use. There is no need to copy the
data before using it, so switch to using it in place. This eliminates
the security problem and makes the code slightly smaller.
Fixes: 730879d733 ("Updated handling of data sent by tracker. ...")
The new tracker automatically exposes LAN games to the Internet. This
surprised one user rather badly, prompting him to think he had been
hacked. Add a first-host warning explaining the feature and asking the
user to choose whether to enable NAT hole punch.
Reported-by: Tourmeister <https://forum.dxx-rebirth.com/showthread.php?tid=943&pid=12179#pid12179>
References: <https://github.com/dxx-rebirth/dxx-rebirth/issues/372>
Fixes: 730879d733 ("... Added support for handling ACKs from tracker and Hole punching between game clients via tracker. ...")
Various functions are preprocessor-excluded by `BOTTOM_STUFF`, which has
been 0 since btb added it in a196e6d554
(October 2001). It seems unlikely that anyone will miss it.
Prior releases destroyed the control center when the kill goal timer
expired, even if no player had scored any kills. General cleanup of
kill goal quirks eliminated this odd rule, but players liked the old
rule and want it back. Restore it.
For the benefit of users less familiar with how setup is handled, add a
hook triggered by $DXX_SCONS_DEBUG_USER_SETTINGS to log initialization
of `user_settings` so that users can trace which values combined to
produce the observed results.
Per comment from kreator, some Apple systems now ship without a working
print screen key. It makes no sense to provide print screen support
bound to a key which does not exist. Add `screenshot=none` and activate
it on OS X to remove the unreachable screenshot support.
If the player commits suicide in Descent 2, Point_segs[-2] is accessed
because aip->hide_index = -1, aip->path_length = 0. As a spot fix,
check for underflow and skip the access if it would be out of bounds.
Prior versions of Descent had a bug that specifying `briefing=` did not
inhibit a briefing. Instead the directive was completely ignored. The
engine would then use the auto-detected briefing if one was found. This
quirk was eliminated during refactoring of the mission parsing code.
Unfortunately, some published missions relied on this bug: they ship a
briefing, but their mission file explicitly states that there is no
briefing. Players expect the briefing to play despite the mission
stating that there is none.
Reorder the logic to restore the bug that `briefing=` is ignored.
Reported-by: Calmarius <https://forum.dxx-rebirth.com/showthread.php?tid=1054>
Fixes: 6020c9c013 ("Use d_fname for DOS filenames")
When using variadic forwarding constructors
(`sconf_cxx11_inherit_constructor=force-failure`) instead of inheriting
constructors, some ternary expressions become ambiguous due to the
inability to forward the `explicit` modifier from the base class
constructor to the derived class. Add explicit type overrides to
disambiguate these expressions to the result that the compiler would
have picked on its own when using inheriting constructors.
This is safely ignored when the constructor cannot satisfy `constexpr`.
Without this modifier, forwarding to `constexpr` constructors is not
`constexpr`, which causes build failures.
clang-5 with `sconf_cxx11_inherit_constructor=force-failure`:
```
similar/main/gauges.cpp:553:61: error: constexpr constructor's 1st parameter type 'const (anonymous namespace)::hud_x_scale_float' (aka 'const hud_scale_float<'x'>') is not a literal type
similar/main/gauges.cpp:432:7: note: 'hud_scale_float<'x'>' is not literal because it is not an aggregate and has no constexpr constructors other than copy or move constructors
```
Fixes: 893e8cde06 ("Combine hud gauge parameters")
GCC std::remove_if overwrites removed elements using:
*dstiter = move(*srciter);
This is fine for normal containers, but produces incorrect results when
*dstiter returns a proxy object instead of a reference. In that case,
the proxy object is move-assigned from the source, then goes out of
scope. If the move assignment did not write to underlying storage, as
valptridx proxy objects do not, then incorrect results occur. This
broke ActiveDoor handling (fixed in 4a01fab66d98[1]) and has been a trap
waiting to recur. Apply reference-qualifiers to valptridx objects so
that move-assignment requires an lvalue for the left-hand side. This
permits normal use of move-assignment, but forces a compile error if
std::remove_if or similar are used on valptridx proxy objects.
[1]: 4a01fab66d
Ill-formed levels can provoke this exception. Downgrade the error from
a fatal exception to a CON_URGENT message.
Increase the array size to 32 from D1:7, D2:20, since each element is
only an int.
Switch from an assertion on bitmask overflow to a CON_URGENT warning.
Fixes: f7f416c3cb ("Trap blown bitmap overflow")
Many gauge functions take the same parameters, and pass those parameters
on to child functions in turn. Bundle common parameters into a few
standard structures, so that adding new context does not need to involve
every function in the chain for every new context value.
Replace magic strings with sentinel objects, so that mistakes are
reported as missing variables, rather than being legal at parse time and
incorrect at runtime.
If user_settings.sharepath is configured to be blank in SConstruct, omit
the C preprocessor macro SHAREPATH instead of defining it to expand to
an empty string. Adjust the C++ code that uses the macro SHAREPATH to
handle its absence:
- Clearer output in help text
- Skip adding blank SHAREPATH to the PhysFS search path.
As a nice side effect, this enables SHAREPATH on Windows, which could be
helpful for builds shipped with an installer that places game files in a
well-known location (such as "C:\Games\Descent"). Previously,
!defined(__unix__) systems did not add SHAREPATH to the PhysFS search
path, even when one was defined.