DBG: fixed all kinds of small coding bugs (thanks to Coverity)

mrexodia · mrexodia · commit 5a214ab104d0 · 2014-08-31T23:21:31.000+02:00
diff --git a/x64_dbg_dbg/_exports.cpp b/x64_dbg_dbg/_exports.cpp
@@ -108,7 +108,7 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR
             if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement)
             {
                 if(settingboolget("Engine", "UndecorateSymbolNames") or !UnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))
-                    strcpy(addrinfo->label, pSymbol->Name);
+                    strcpy_s(addrinfo->label, pSymbol->Name);
                 retval = true;
             }
             if(!retval) //search for CALL <jmp.&user32.MessageBoxA>
diff --git a/x64_dbg_dbg/_global.cpp b/x64_dbg_dbg/_global.cpp
@@ -78,7 +78,7 @@ int memleaks()
 
 void setalloctrace(const char* file)
 {
-    strcpy(alloctrace, file);
+    strcpy_s(alloctrace, file);
 }
 
 bool arraycontains(const char* cmd_list, const char* cmd)
@@ -87,7 +87,7 @@ bool arraycontains(const char* cmd_list, const char* cmd)
     if(!cmd_list or !cmd)
         return false;
     char temp[deflen] = "";
-    strcpy(temp, cmd_list);
+    strcpy_s(temp, cmd_list);
     int len = (int)strlen(cmd_list);
     if(len >= deflen)
         return false;
diff --git a/x64_dbg_dbg/addrinfo.cpp b/x64_dbg_dbg/addrinfo.cpp
@@ -482,7 +482,7 @@ void commentcacheload(JSON root)
             curComment.manual = false;
             const char* text = json_string_value(json_object_get(value, "text"));
             if(text)
-                strcpy(curComment.text, text);
+                strcpy_s(curComment.text, text);
             else
                 continue; //skip
             const uint key = modhashfromname(curComment.mod) + curComment.addr;
@@ -664,7 +664,7 @@ void labelcacheload(JSON root)
             curLabel.manual = false;
             const char* text = json_string_value(json_object_get(value, "text"));
             if(text)
-                strcpy(curLabel.text, text);
+                strcpy_s(curLabel.text, text);
             else
                 continue; //skip
             const uint key = modhashfromname(curLabel.mod) + curLabel.addr;
diff --git a/x64_dbg_dbg/argument.cpp b/x64_dbg_dbg/argument.cpp
@@ -44,7 +44,7 @@ void argformat(char* cmd)
         start = len;
     char arguments_[deflen] = "";
     char* arguments = arguments_;
-    strcpy(arguments, command + start);
+    strcpy_s(arguments, deflen, command + start);
     char temp[deflen] = "";
     len = (int)strlen(arguments);
     for(int i = 0, j = 0; i < len; i++)
@@ -53,7 +53,7 @@ void argformat(char* cmd)
             i += 2;
         j += sprintf(temp + j, "%c", arguments[i]);
     }
-    strcpy(arguments, temp);
+    strcpy_s(arguments, deflen, temp);
     len = (int)strlen(arguments);
     for(int i = 0; i < len; i++)
         if(arguments[i] == '\\' and arguments[i + 1] == '\\')
@@ -79,7 +79,7 @@ void argformat(char* cmd)
                 arguments[i] = 0;
 
         for(int i = 0; i < len; i++)
-            if(arguments[i] == 1 and arguments[i + 1] == 1)
+            if(arguments[i] == 1 and (i < len - 1 and arguments[i + 1] == 1))
             {
                 arguments[i] = '\\';
                 arguments[i + 1] = '\\';
@@ -164,7 +164,7 @@ int arggetcount(const char* cmd)
     char* temp = temp_ + 1;
     strcpy(temp, cmd);
     for(int i = start; i < len; i++)
-        if(temp[i] == '\\' and temp[i + 1] == '\\')
+        if(temp[i] == '\\' and (i < len - 1 and temp[i + 1] == '\\'))
         {
             temp[i] = 1;
             temp[i + 1] = 1;
diff --git a/x64_dbg_dbg/breakpoint.cpp b/x64_dbg_dbg/breakpoint.cpp
@@ -36,7 +36,7 @@ bool bpnew(uint addr, bool enabled, bool singleshoot, short oldbytes, BP_TYPE ty
     bp.addr = addr - modbase;
     bp.enabled = enabled;
     if(name and * name)
-        strcpy(bp.name, name);
+        strcpy_s(bp.name, name);
     else
         *bp.name = '\0';
     bp.oldbytes = oldbytes;
@@ -110,7 +110,7 @@ bool bpsetname(uint addr, BP_TYPE type, const char* name)
     BreakpointsInfo::iterator found = breakpoints.find(BreakpointKey(type, modhashfromva(addr)));
     if(found == breakpoints.end()) //not found
         return false;
-    strcpy(breakpoints[found->first].name, name);
+    strcpy_s(breakpoints[found->first].name, name);
     return true;
 }
 
@@ -193,8 +193,10 @@ void bptobridge(const BREAKPOINT* bp, BRIDGEBP* bridge)
         break;
     case BPMEMORY:
         bridge->type = bp_memory;
+        break; //so that's why it didn't show in the gui.
     default:
         bridge->type = bp_none;
+        break;
     }
 }
 
@@ -242,10 +244,10 @@ void bpcacheload(JSON root)
             curBreakpoint.titantype = (DWORD)json_hex_value(json_object_get(value, "titantype"));
             const char* name = json_string_value(json_object_get(value, "name"));
             if(name)
-                strcpy(curBreakpoint.name, name);
+                strcpy_s(curBreakpoint.name, name);
             const char* mod = json_string_value(json_object_get(value, "module"));
             if(mod && *mod && strlen(mod) < MAX_MODULE_SIZE)
-                strcpy(curBreakpoint.mod, mod);
+                strcpy_s(curBreakpoint.mod, mod);
             const uint key = modhashfromname(curBreakpoint.mod) + curBreakpoint.addr;
             breakpoints.insert(std::make_pair(BreakpointKey(curBreakpoint.type, key), curBreakpoint));
         }
diff --git a/x64_dbg_dbg/command.cpp b/x64_dbg_dbg/command.cpp
@@ -75,7 +75,7 @@ bool cmdnew(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool d
 COMMAND* cmdget(COMMAND* command_list, const char* cmd)
 {
     char new_cmd[deflen] = "";
-    strcpy(new_cmd, cmd);
+    strcpy_s(new_cmd, cmd);
     int len = (int)strlen(new_cmd);
     int start = 0;
     while(new_cmd[start] != ' ' and start < len)
diff --git a/x64_dbg_dbg/debugger.cpp b/x64_dbg_dbg/debugger.cpp
@@ -661,11 +661,11 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
         len--;
     if(len)
         len++;
-    strcpy(sqlitedb, szFileName + len);
+    strcpy_s(sqlitedb, szFileName + len);
 #ifdef _WIN64
-    strcat(sqlitedb, ".dd64");
+    strcat_s(sqlitedb, ".dd64");
 #else
-    strcat(sqlitedb, ".dd32");
+    strcat_s(sqlitedb, ".dd32");
 #endif // _WIN64
     sprintf(dbpath, "%s\\%s", dbbasepath, sqlitedb);
     dprintf("Database file: %s\n", dbpath);
@@ -1171,7 +1171,7 @@ DWORD WINAPI threadDebugLoop(void* lpParameter)
     INIT_STRUCT* init = (INIT_STRUCT*)lpParameter;
     bFileIsDll = IsFileDLL(init->exe, 0);
     pDebuggedEntry = GetPE32Data(init->exe, 0, UE_OEP);
-    strcpy(szFileName, init->exe);
+    strcpy_s(szFileName, init->exe);
     if(bFileIsDll)
         fdProcessInfo = (PROCESS_INFORMATION*)InitDLLDebug(init->exe, false, init->commandline, init->currentfolder, 0);
     else
@@ -1429,12 +1429,12 @@ DWORD WINAPI threadAttachLoop(void* lpParameter)
     //inform GUI start we started without problems
     GuiSetDebugState(initialized);
     //set GUI title
-    strcpy(szBaseFileName, szFileName);
+    strcpy_s(szBaseFileName, szFileName);
     int len = (int)strlen(szBaseFileName);
     while(szBaseFileName[len] != '\\' and len)
         len--;
     if(len)
-        strcpy(szBaseFileName, szBaseFileName + len + 1);
+        strcpy_s(szBaseFileName, szBaseFileName + len + 1);
     GuiUpdateWindowTitle(szBaseFileName);
     //call plugin callback (init)
     PLUG_CB_INITDEBUG initInfo;
@@ -1706,7 +1706,7 @@ bool dbggetjitauto(bool* auto_on, arch arch_in, arch* arch_out, readwritejitkey_
 
     if(_readwritejitkey(jit_entry, & jit_entry_size, "Auto", arch_in, arch_out, & rw_error, false) == false)
     {
-        if(rw_error = ERROR_RW_FILE_NOT_FOUND)
+        if(rw_error == ERROR_RW_FILE_NOT_FOUND)
         {
             if(rw_error_out != NULL)
                 * rw_error_out = rw_error;
@@ -1738,7 +1738,7 @@ bool dbgsetjitauto(bool auto_on, arch arch_in, arch* arch_out, readwritejitkey_e
 
         if(_readwritejitkey(jit_entry, & jit_entry_size, "Auto", arch_in, arch_out, & rw_error, false) == false)
         {
-            if(rw_error = ERROR_RW_FILE_NOT_FOUND)
+            if(rw_error == ERROR_RW_FILE_NOT_FOUND)
                 return true;
         }
     }
diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp
@@ -812,13 +812,15 @@ static DWORD WINAPI scyllaThread(void* lpParam)
     {
         dputs("error loading Scylla.dll!");
         bScyllaLoaded = false;
+        FreeLibrary(hScylla);
         return 0;
     }
     ScyllaStartGui = (SCYLLASTARTGUI)GetProcAddress(hScylla, "ScyllaStartGui");
     if(!ScyllaStartGui)
     {
         dputs("could not find export 'ScyllaStartGui' inside Scylla.dll");
         bScyllaLoaded = false;
+        FreeLibrary(hScylla);
         return 0;
     }
     if(dbgisdll())
@@ -1324,7 +1326,7 @@ CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[])
 
 CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[])
 {
-    char szDefaultStore[MAX_PATH] = "";
+    char szDefaultStore[MAX_SETTING_SIZE] = "";
     const char* szSymbolStore = szDefaultStore;
     if(!BridgeSettingGet("Symbols", "DefaultStore", szDefaultStore)) //get default symbol store from settings
     {
@@ -1390,8 +1392,8 @@ CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[])
 
 CMDRESULT cbDebugGetJITAuto(int argc, char* argv[])
 {
-    bool jit_auto;
-    arch actual_arch;
+    bool jit_auto = false;
+    arch actual_arch = invalid;
 
     if(argc == 1)
     {
@@ -1514,17 +1516,17 @@ CMDRESULT cbDebugSetJITAuto(int argc, char* argv[])
 
 CMDRESULT cbDebugSetJIT(int argc, char* argv[])
 {
-    arch actual_arch;
-    char* jit_debugger_cmd;
+    arch actual_arch = invalid;
+    char* jit_debugger_cmd = "";
     char oldjit[MAX_SETTING_SIZE] = "";
+    char path[JIT_ENTRY_DEF_SIZE];
     if(!IsProcessElevated())
     {
         dprintf("Error run the debugger as Admin to setjit\n");
         return STATUS_ERROR;
     }
     if(argc < 2)
     {
-        char path[JIT_ENTRY_DEF_SIZE];
         dbggetdefjit(path);
 
         jit_debugger_cmd = path;
diff --git a/x64_dbg_dbg/math.cpp b/x64_dbg_dbg/math.cpp
@@ -310,7 +310,7 @@ static bool printlayer(char* exp, EXPRESSION* exps, int layer, bool silent, bool
             int len = close - open;
             strncpy(temp, exp + open + 1, len - 1);
 
-            strcpy(backup, exp + open + len + 1);
+            strcpy_s(backup, exp + open + len + 1);
 
             uint value;
             if(!mathfromstring(temp, &value, silent, baseonly, 0, 0))
diff --git a/x64_dbg_dbg/simplescript.cpp b/x64_dbg_dbg/simplescript.cpp
@@ -17,7 +17,7 @@ static bool volatile bIsRunning = false;
 static SCRIPTBRANCHTYPE scriptgetbranchtype(const char* text)
 {
     char newtext[MAX_SCRIPT_LINE_SIZE] = "";
-    strcpy(newtext, text);
+    strcpy_s(newtext, text);
     argformat(newtext); //format jump commands
     if(!strstr(newtext, " "))
         strcat(newtext, " ");
@@ -157,7 +157,7 @@ static bool scriptcreatelinemap(const char* filename)
             }
             else //no space before comment
             {
-                strcpy(line_comment, comment);
+                strcpy_s(line_comment, comment);
                 *comment = 0;
             }
         }
@@ -177,7 +177,9 @@ static bool scriptcreatelinemap(const char* filename)
             cur.type = linelabel;
             sprintf(cur.u.label, "l %.*s", rawlen - 1, cur.raw); //create a fake command for formatting
             argformat(cur.u.label); //format labels
-            strcpy(cur.u.label, cur.u.label + 2); //remove fake command
+            char temp[256] = "";
+            strcpy_s(temp, cur.u.label + 2);
+            strcpy_s(cur.u.label, temp); //remove fake command
             if(!*cur.u.label or !strcmp(cur.u.label, "\"\"")) //no label text
             {
                 char message[256] = "";
@@ -341,7 +343,7 @@ static CMDRESULT scriptinternalcmdexec(const char* cmd)
     else if(scriptisinternalcommand(cmd, "nop")) //do nothing
         return STATUS_CONTINUE;
     char command[deflen] = "";
-    strcpy(command, cmd);
+    strcpy_s(command, cmd);
     argformat(command);
     COMMAND* found = cmdfindmain(dbggetcommandlist(), command);
     if(!found) //invalid command
@@ -495,7 +497,7 @@ static DWORD WINAPI scriptLoadThread(void* filename)
 void scriptload(const char* filename)
 {
     static char filename_[MAX_PATH] = "";
-    strcpy(filename_, filename);
+    strcpy_s(filename_, filename);
     CloseHandle(CreateThread(0, 0, scriptLoadThread, filename_, 0, 0));
 }
 
diff --git a/x64_dbg_dbg/symbolinfo.cpp b/x64_dbg_dbg/symbolinfo.cpp
@@ -156,7 +156,7 @@ const char* symgetsymbolicname(uint addr)
         if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement)
         {
             if(!settingboolget("Engine", "UndecorateSymbolNames") or !UnDecorateSymbolName(pSymbol->Name, label, MAX_SYM_NAME, UNDNAME_COMPLETE))
-                strcpy(label, pSymbol->Name);
+                strcpy_s(label, pSymbol->Name);
             retval = true;
         }
     }
diff --git a/x64_dbg_dbg/thread.cpp b/x64_dbg_dbg/thread.cpp
@@ -93,7 +93,7 @@ bool threadsetname(DWORD dwThreadId, const char* name)
         if(threadList.at(i).dwThreadId == dwThreadId)
         {
             if(name)
-                strcpy(threadList.at(i).threadName, name);
+                strcpy_s(threadList.at(i).threadName, name);
             else
                 *threadList.at(i).threadName = '\0';
         }
diff --git a/x64_dbg_dbg/value.cpp b/x64_dbg_dbg/value.cpp
@@ -1003,7 +1003,7 @@ bool valapifromstring(const char* name, uint* value, int* value_size, bool print
             int len = (int)strlen(szModName);
             while(szModName[len] != '\\')
                 len--;
-            strcpy(szBaseName, szModName + len + 1);
+            strcpy_s(szBaseName, szModName + len + 1);
             HMODULE mod = LoadLibraryExA(szModName, 0, DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
             if(!mod)
             {
diff --git a/x64_dbg_dbg/variable.cpp b/x64_dbg_dbg/variable.cpp
@@ -150,7 +150,8 @@ bool varget(const char* name, uint* value, int* size, VAR_TYPE* type)
         return true; //variable was valid, just get the size
     if(type)
         *type = vartype;
-    *value = varvalue.u.value;
+    if(value)
+        *value = varvalue.u.value;
     return true;
 }
 
@@ -167,7 +168,8 @@ bool varget(const char* name, char* string, int* size, VAR_TYPE* type)
         return true; //variable was valid, just get the size
     if(type)
         *type = vartype;
-    memcpy(string, &varvalue.u.data->front(), varsize);
+    if(string)
+        memcpy(string, &varvalue.u.data->front(), varsize);
     return true;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR`
`108`	`108`	`if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement)`
`109`	`109`	`{`
`110`	`110`	`if(settingboolget("Engine", "UndecorateSymbolNames") or !UnDecorateSymbolName(pSymbol->Name, addrinfo->label, MAX_LABEL_SIZE, UNDNAME_COMPLETE))`
`111`		`- strcpy(addrinfo->label, pSymbol->Name);`
	`111`	`+ strcpy_s(addrinfo->label, pSymbol->Name);`
`112`	`112`	`retval = true;`
`113`	`113`	`}`
`114`	`114`	`if(!retval) //search for CALL <jmp.&user32.MessageBoxA>`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ bool cmdnew(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool d`
`75`	`75`	`COMMAND* cmdget(COMMAND* command_list, const char* cmd)`
`76`	`76`	`{`
`77`	`77`	`char new_cmd[deflen] = "";`
`78`		`- strcpy(new_cmd, cmd);`
	`78`	`+ strcpy_s(new_cmd, cmd);`
`79`	`79`	`int len = (int)strlen(new_cmd);`
`80`	`80`	`int start = 0;`
`81`	`81`	`while(new_cmd[start] != ' ' and start < len)`
Original file line number	Diff line number	Diff line change
`@@ -812,13 +812,15 @@ static DWORD WINAPI scyllaThread(void* lpParam)`
`812`	`812`	`{`
`813`	`813`	`dputs("error loading Scylla.dll!");`
`814`	`814`	`bScyllaLoaded = false;`
	`815`	`+ FreeLibrary(hScylla);`
`815`	`816`	`return 0;`
`816`	`817`	`}`
`817`	`818`	`ScyllaStartGui = (SCYLLASTARTGUI)GetProcAddress(hScylla, "ScyllaStartGui");`
`818`	`819`	`if(!ScyllaStartGui)`
`819`	`820`	`{`
`820`	`821`	`dputs("could not find export 'ScyllaStartGui' inside Scylla.dll");`
`821`	`822`	`bScyllaLoaded = false;`
	`823`	`+ FreeLibrary(hScylla);`
`822`	`824`	`return 0;`
`823`	`825`	`}`
`824`	`826`	`if(dbgisdll())`
`@@ -1324,7 +1326,7 @@ CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[])`
`1324`	`1326`
`1325`	`1327`	`CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[])`
`1326`	`1328`	`{`
`1327`		`- char szDefaultStore[MAX_PATH] = "";`
	`1329`	`+ char szDefaultStore[MAX_SETTING_SIZE] = "";`
`1328`	`1330`	`const char* szSymbolStore = szDefaultStore;`
`1329`	`1331`	`if(!BridgeSettingGet("Symbols", "DefaultStore", szDefaultStore)) //get default symbol store from settings`
`1330`	`1332`	`{`
`@@ -1390,8 +1392,8 @@ CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[])`
`1390`	`1392`
`1391`	`1393`	`CMDRESULT cbDebugGetJITAuto(int argc, char* argv[])`
`1392`	`1394`	`{`
`1393`		`- bool jit_auto;`
`1394`		`- arch actual_arch;`
	`1395`	`+ bool jit_auto = false;`
	`1396`	`+ arch actual_arch = invalid;`
`1395`	`1397`
`1396`	`1398`	`if(argc == 1)`
`1397`	`1399`	`{`
`@@ -1514,17 +1516,17 @@ CMDRESULT cbDebugSetJITAuto(int argc, char* argv[])`
`1514`	`1516`
`1515`	`1517`	`CMDRESULT cbDebugSetJIT(int argc, char* argv[])`
`1516`	`1518`	`{`
`1517`		`- arch actual_arch;`
`1518`		`- char* jit_debugger_cmd;`
	`1519`	`+ arch actual_arch = invalid;`
	`1520`	`+ char* jit_debugger_cmd = "";`
`1519`	`1521`	`char oldjit[MAX_SETTING_SIZE] = "";`
	`1522`	`+ char path[JIT_ENTRY_DEF_SIZE];`
`1520`	`1523`	`if(!IsProcessElevated())`
`1521`	`1524`	`{`
`1522`	`1525`	`dprintf("Error run the debugger as Admin to setjit\n");`
`1523`	`1526`	`return STATUS_ERROR;`
`1524`	`1527`	`}`
`1525`	`1528`	`if(argc < 2)`
`1526`	`1529`	`{`
`1527`		`- char path[JIT_ENTRY_DEF_SIZE];`
`1528`	`1530`	`dbggetdefjit(path);`
`1529`	`1531`
`1530`	`1532`	`jit_debugger_cmd = path;`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ static bool volatile bIsRunning = false;`
`17`	`17`	`static SCRIPTBRANCHTYPE scriptgetbranchtype(const char* text)`
`18`	`18`	`{`
`19`	`19`	`char newtext[MAX_SCRIPT_LINE_SIZE] = "";`
`20`		`- strcpy(newtext, text);`
	`20`	`+ strcpy_s(newtext, text);`
`21`	`21`	`argformat(newtext); //format jump commands`
`22`	`22`	`if(!strstr(newtext, " "))`
`23`	`23`	`strcat(newtext, " ");`
`@@ -157,7 +157,7 @@ static bool scriptcreatelinemap(const char* filename)`
`157`	`157`	`}`
`158`	`158`	`else //no space before comment`
`159`	`159`	`{`
`160`		`- strcpy(line_comment, comment);`
	`160`	`+ strcpy_s(line_comment, comment);`
`161`	`161`	`*comment = 0;`
`162`	`162`	`}`
`163`	`163`	`}`
`@@ -177,7 +177,9 @@ static bool scriptcreatelinemap(const char* filename)`
`177`	`177`	`cur.type = linelabel;`
`178`	`178`	`sprintf(cur.u.label, "l %.*s", rawlen - 1, cur.raw); //create a fake command for formatting`
`179`	`179`	`argformat(cur.u.label); //format labels`
`180`		`- strcpy(cur.u.label, cur.u.label + 2); //remove fake command`
	`180`	`+ char temp[256] = "";`
	`181`	`+ strcpy_s(temp, cur.u.label + 2);`
	`182`	`+ strcpy_s(cur.u.label, temp); //remove fake command`
`181`	`183`	`if(!*cur.u.label or !strcmp(cur.u.label, "\"\"")) //no label text`
`182`	`184`	`{`
`183`	`185`	`char message[256] = "";`
`@@ -341,7 +343,7 @@ static CMDRESULT scriptinternalcmdexec(const char* cmd)`
`341`	`343`	`else if(scriptisinternalcommand(cmd, "nop")) //do nothing`
`342`	`344`	`return STATUS_CONTINUE;`
`343`	`345`	`char command[deflen] = "";`
`344`		`- strcpy(command, cmd);`
	`346`	`+ strcpy_s(command, cmd);`
`345`	`347`	`argformat(command);`
`346`	`348`	`COMMAND* found = cmdfindmain(dbggetcommandlist(), command);`
`347`	`349`	`if(!found) //invalid command`
`@@ -495,7 +497,7 @@ static DWORD WINAPI scriptLoadThread(void* filename)`
`495`	`497`	`void scriptload(const char* filename)`
`496`	`498`	`{`
`497`	`499`	`static char filename_[MAX_PATH] = "";`
`498`		`- strcpy(filename_, filename);`
	`500`	`+ strcpy_s(filename_, filename);`
`499`	`501`	`CloseHandle(CreateThread(0, 0, scriptLoadThread, filename_, 0, 0));`
`500`	`502`	`}`
`501`	`503`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ const char* symgetsymbolicname(uint addr)`
`156`	`156`	`if(SymFromAddr(fdProcessInfo->hProcess, (DWORD64)addr, &displacement, pSymbol) and !displacement)`
`157`	`157`	`{`
`158`	`158`	`if(!settingboolget("Engine", "UndecorateSymbolNames") or !UnDecorateSymbolName(pSymbol->Name, label, MAX_SYM_NAME, UNDNAME_COMPLETE))`
`159`		`- strcpy(label, pSymbol->Name);`
	`159`	`+ strcpy_s(label, pSymbol->Name);`
`160`	`160`	`retval = true;`
`161`	`161`	`}`
`162`	`162`	`}`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ bool threadsetname(DWORD dwThreadId, const char* name)`
`93`	`93`	`if(threadList.at(i).dwThreadId == dwThreadId)`
`94`	`94`	`{`
`95`	`95`	`if(name)`
`96`		`- strcpy(threadList.at(i).threadName, name);`
	`96`	`+ strcpy_s(threadList.at(i).threadName, name);`
`97`	`97`	`else`
`98`	`98`	`*threadList.at(i).threadName = '\0';`
`99`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1003,7 +1003,7 @@ bool valapifromstring(const char* name, uint* value, int* value_size, bool print`
`1003`	`1003`	`int len = (int)strlen(szModName);`
`1004`	`1004`	`while(szModName[len] != '\\')`
`1005`	`1005`	`len--;`
`1006`		`- strcpy(szBaseName, szModName + len + 1);`
	`1006`	`+ strcpy_s(szBaseName, szModName + len + 1);`
`1007`	`1007`	`HMODULE mod = LoadLibraryExA(szModName, 0, DONT_RESOLVE_DLL_REFERENCES \| LOAD_LIBRARY_AS_DATAFILE);`
`1008`	`1008`	`if(!mod)`
`1009`	`1009`	`{`