Use strncpy instead of strcpy because again, buffer overflows

Engine/source/T3D/components/component.cpp

@@ -548,7 +548,7 @@ const char * Component::getDescriptionText(const char *desc)
    if (!Platform::isFile(desc))
    {
       newDesc = new char[dStrlen(desc) + 1];
-      dStrcpy(newDesc, desc);
+      dStrcpy(newDesc, desc, dStrlen(desc) + 1);
 
       return newDesc;
    }

Engine/source/T3D/decal/decalManager.cpp

@@ -1495,7 +1495,7 @@ bool DecalManager::_createDataFile()
 
    // See if we know our current mission name
    char missionName[1024];
-   dStrcpy( missionName, Con::getVariable( "$Client::MissionFile" ) );
+   dStrcpy( missionName, Con::getVariable( "$Client::MissionFile" ), 1024 );
    char *dot = dStrstr((const char*)missionName, ".mis");
    if(dot)
       *dot = '\0';

Engine/source/T3D/fx/particle.cpp

@@ -595,7 +595,7 @@ bool ParticleData::preload(bool server, String &errorStr)
         animTexFrames.clear();
 
         char* tokCopy = new char[dStrlen(animTexFramesString) + 1];
-        dStrcpy(tokCopy, animTexFramesString);
+        dStrcpy(tokCopy, animTexFramesString, dStrlen(animTexFramesString) + 1);
 
         char* currTok = dStrtok(tokCopy, " \t");
         while (currTok != NULL) 

Engine/source/T3D/fx/particleEmitter.cpp

@@ -609,7 +609,7 @@ bool ParticleEmitterData::onAdd()
       // First we parse particleString into a list of particle name tokens 
       Vector<char*> dataBlocks(__FILE__, __LINE__);
       char* tokCopy = new char[dStrlen(particleString) + 1];
-      dStrcpy(tokCopy, particleString);
+      dStrcpy(tokCopy, particleString, dStrlen(particleString) + 1);
 
       char* currTok = dStrtok(tokCopy, " \t");
       while (currTok != NULL) 

Engine/source/T3D/item.cpp

@@ -1254,7 +1254,7 @@ DefineEngineMethod( Item, getLastStickyPos, const char*, (),,
                object->mStickyCollisionPos.y,
                object->mStickyCollisionPos.z);
    else
-      dStrcpy(ret, "0 0 0");
+      dStrcpy(ret, "0 0 0", bufSize);
 
    return ret;
 }
@@ -1277,7 +1277,7 @@ DefineEngineMethod( Item, getLastStickyNormal, const char *, (),,
                object->mStickyCollisionNormal.y,
                object->mStickyCollisionNormal.z);
    else
-      dStrcpy(ret, "0 0 0");
+      dStrcpy(ret, "0 0 0", bufSize);
 
    return ret;
 }

Engine/source/afx/afxMagicMissile.cpp

@@ -447,7 +447,7 @@ bool afxMagicMissileData::onAdd()
 
       // make a copy of points_string
       char* tokCopy = new char[dStrlen(wiggle_axis_string) + 1];
-      dStrcpy(tokCopy, wiggle_axis_string);
+      dStrcpy(tokCopy, wiggle_axis_string, dStrlen(wiggle_axis_string) + 1);
 
       // extract tokens one by one, adding them to dataBlocks
       char* currTok = dStrtok(tokCopy, " \t");

Engine/source/afx/ce/afxParticleEmitter.cpp

@@ -142,7 +142,7 @@ bool afxParticleEmitterData::onAdd()
   {
     Vector<char*> dataBlocks(__FILE__, __LINE__);
     char* tokCopy = new char[dStrlen(tpaths_string) + 1];
-    dStrcpy(tokCopy, tpaths_string);
+    dStrcpy(tokCopy, tpaths_string, dStrlen(tpaths_string) + 1);
     
     char* currTok = dStrtok(tokCopy, " \t");
     while (currTok != NULL) 
@@ -468,7 +468,7 @@ bool afxParticleEmitterPathData::onAdd()
   {
     Vector<char*> dataBlocks(__FILE__, __LINE__);
     char* tokCopy = new char[dStrlen(epaths_string) + 1];
-    dStrcpy(tokCopy, epaths_string);
+    dStrcpy(tokCopy, epaths_string, dStrlen(epaths_string) + 1);
 
     char* currTok = dStrtok(tokCopy, " \t");
     while (currTok != NULL) 
@@ -553,7 +553,7 @@ void afxParticleEmitterPathData::onPerformSubstitutions()
   {
     Vector<char*> dataBlocks(__FILE__, __LINE__);
     char* tokCopy = new char[dStrlen(epaths_string) + 1];
-    dStrcpy(tokCopy, epaths_string);
+    dStrcpy(tokCopy, epaths_string, dStrlen(epaths_string) + 1);
 
     char* currTok = dStrtok(tokCopy, " \t");
     while (currTok != NULL) 

Engine/source/afx/ea/afxEA_PhraseEffect.cpp

@@ -272,10 +272,10 @@ void afxEA_PhraseEffect::trigger_new_phrase()
   if (phrase_fx_data->on_trig_cmd != ST_NULLSTRING)
   {
     char obj_str[32];
-    dStrcpy(obj_str, Con::getIntArg(choreographer->getId()));
+    dStrcpy(obj_str, Con::getIntArg(choreographer->getId()), 32);
 
     char index_str[32];
-    dStrcpy(index_str, Con::getIntArg(group_index));
+    dStrcpy(index_str, Con::getIntArg(group_index), 32);
 
     char buffer[1024];
     char* b = buffer;
@@ -382,4 +382,4 @@ bool afxEA_PhraseEffectDesc::requiresStop(const afxEffectWrapperData* ew, const
   return (timing.lifetime < 0);
 }
 
-//~~~~~~~~~~~~~~~~~~~~//~~~~~~~~~~~~~~~~~~~~//~~~~~~~~~~~~~~~~~~~~//~~~~~~~~~~~~~~~~~~~~~//
+//~~~~~~~~~~~~~~~~~~~~//~~~~~~~~~~~~~~~~~~~~//~~~~~~~~~~~~~~~~~~~~//~~~~~~~~~~~~~~~~~~~~~//

Engine/source/afx/rpg/afxRPGMagicSpell.cpp

@@ -194,7 +194,7 @@ char* afxRPGMagicSpellData::fmt_placeholder_desc(char* buffer, int len) const
 {
   char pack_str[32]; 
   if (source_pack == ST_NULLSTRING)
-    dStrcpy(pack_str, "unknown");
+    dStrcpy(pack_str, "unknown", 32);
   else
     dSprintf(pack_str, 32, "%s", source_pack);
 
@@ -225,7 +225,7 @@ char* afxRPGMagicSpellData::formatDesc(char* buffer, int len) const
     {
       if (spell_target != TARGET_NOTHING)
       {
-        dStrcpy(target_str, _afxRPGMagicSpell_TargetType::_sEnumTable[i].mName);
+        dStrcpy(target_str, _afxRPGMagicSpell_TargetType::_sEnumTable[i].mName, 32);
         if (spell_target != TARGET_FREE && target_optional)
           dStrcat(target_str, " (opt)", 32);
       }
@@ -245,13 +245,13 @@ char* afxRPGMagicSpellData::formatDesc(char* buffer, int len) const
 
   char casting_str[32];
   if (casting_dur <= 0)
-    dStrcpy(casting_str, "instant");
+    dStrcpy(casting_str, "instant", 32);
   else
     dSprintf(casting_str, 32, "%.1f sec cast", casting_dur);
 
   char pack_str[32]; 
   if (source_pack == ST_NULLSTRING)
-    dStrcpy(pack_str, "unknown");
+    dStrcpy(pack_str, "unknown", 32);
   else
     dSprintf(pack_str, 32, "%s", source_pack);
 

Engine/source/afx/ui/afxSpellButton.cpp

@@ -171,10 +171,11 @@ void afxSpellButton::setBitmap(const char *name, bool placeholder)
 
     if (placeholder)
     {
-      dStrcpy(buffer, name);
+      dStrcpy(buffer, name, 1024);
+      S32 pLen = 1024 - dStrlen(buffer);
       p = buffer + dStrlen(buffer);
     
-      dStrcpy(p, "_i");
+      dStrcpy(p, "_i", pLen);
       mTextureInactive.set(buffer, COOLDOWN_PROFILE);
       mTextureNormal = mTextureInactive;
       mTextureHilight = mTextureInactive;
@@ -183,19 +184,20 @@ void afxSpellButton::setBitmap(const char *name, bool placeholder)
     }
     else
     {
-      dStrcpy(buffer, name);
+      dStrcpy(buffer, name, 1024);
+      S32 pLen = 1024 - dStrlen(buffer);
       p = buffer + dStrlen(buffer);   
-      dStrcpy(p, "_n");
+      dStrcpy(p, "_n", pLen);
       mTextureNormal.set(buffer, COOLDOWN_PROFILE);
-      dStrcpy(p, "_h");
+      dStrcpy(p, "_h", pLen);
       mTextureHilight.set(buffer, COOLDOWN_PROFILE);
       if (!mTextureHilight)
         mTextureHilight = mTextureNormal;
-      dStrcpy(p, "_d");
+      dStrcpy(p, "_d", pLen);
       mTextureDepressed.set(buffer, COOLDOWN_PROFILE);
       if (!mTextureDepressed)
         mTextureDepressed = mTextureHilight;
-      dStrcpy(p, "_i");
+      dStrcpy(p, "_i", pLen);
       mTextureInactive.set(buffer, COOLDOWN_PROFILE);
       if (!mTextureInactive)
         mTextureInactive = mTextureNormal;

Engine/source/afx/xm/afxXM_PathConform.cpp

@@ -195,7 +195,7 @@ bool afxXM_PathConformData::onAdd()
   {
     Vector<char*> dataBlocks(__FILE__, __LINE__);
     char* tokCopy = new char[dStrlen(paths_string) + 1];
-    dStrcpy(tokCopy, paths_string);
+    dStrcpy(tokCopy, paths_string, dStrlen(paths_string) + 1);
     
     char* currTok = dStrtok(tokCopy, " \t");
     while (currTok != NULL) 

Engine/source/app/badWordFilter.cpp

@@ -50,7 +50,7 @@ BadWordFilter::BadWordFilter()
 {
    VECTOR_SET_ASSOCIATION( filterTables );
 
-   dStrcpy(defaultReplaceStr, "knqwrtlzs");
+   dStrcpy(defaultReplaceStr, "knqwrtlzs", 32);
    filterTables.push_back(new FilterTable);
    curOffset = 0;
 }
@@ -147,7 +147,7 @@ bool BadWordFilter::setDefaultReplaceStr(const char *str)
    U32 len = dStrlen(str);
    if(len < 2 || len >= sizeof(defaultReplaceStr))
       return false;
-   dStrcpy(defaultReplaceStr, str);
+   dStrcpy(defaultReplaceStr, str, 32);
    return true;
 }
 
@@ -287,7 +287,7 @@ DefineEngineFunction(filterString, const char *, (const char* baseString, const
       replaceStr = gBadWordFilter->getDefaultReplaceStr();
 
    char *ret = Con::getReturnBuffer(dStrlen(baseString) + 1);
-   dStrcpy(ret, baseString);
+   dStrcpy(ret, baseString, dStrlen(baseString));
    gBadWordFilter->filterString(ret, replaceStr);
    return ret;
 }

Engine/source/app/banList.cpp

@@ -86,7 +86,7 @@ void BanList::addBan(S32 uniqueId, const char *TA, S32 banTime)
    }
 
    BanInfo b;
-   dStrcpy(b.transportAddress, TA);
+   dStrcpy(b.transportAddress, TA, 128);
    b.uniqueId = uniqueId;
    b.bannedUntil = banTime;
 

Engine/source/app/mainLoop.cpp

@@ -495,7 +495,7 @@ bool StandardMainLoop::handleCommandLine( S32 argc, const char **argv )
          S32 pathLen = dStrlen( fdd.mFile );
          FrameTemp<char> szPathCopy( pathLen + 1);
 
-         dStrcpy( szPathCopy, fdd.mFile );
+         dStrcpy( szPathCopy, fdd.mFile, pathLen + 1 );
          //forwardslash( szPathCopy );
 
          const char *path = dStrrchr(szPathCopy, '/');

Engine/source/app/net/net.cpp

@@ -128,7 +128,7 @@
       const char *rmtCommandName = dStrchr(mArgv[1], ' ') + 1;
       if(conn->isConnectionToServer())
       {
-         dStrcpy(mBuf, "clientCmd");
+         dStrcpy(mBuf, "clientCmd", 1024);
          dStrcat(mBuf, rmtCommandName, 1024);
 
          char *temp = mArgv[1];
@@ -139,7 +139,7 @@
       }
       else
       {
-         dStrcpy(mBuf, "serverCmd");
+         dStrcpy(mBuf, "serverCmd", 1024);
          dStrcat(mBuf, rmtCommandName, 1024);
          char *temp = mArgv[1];
 
@@ -409,7 +409,7 @@ ConsoleFunction( buildTaggedString, const char*, 2, 11, "(string format, ...)"
             S32 strLength = dStrlen(argStr);
             if (strLength > strMaxLength)
                goto done;
-            dStrcpy(strBufPtr, argStr);
+            dStrcpy(strBufPtr, argStr, strMaxLength);
             strBufPtr += strLength;
             strMaxLength -= strLength;
             fmtStrPtr += 2;

Engine/source/app/net/netExamples.cpp

@@ -110,7 +110,7 @@ public:
    SimpleNetObject()
    {
       mNetFlags.set(ScopeAlways | Ghostable);
-      dStrcpy(message, "Hello World!");
+      dStrcpy(message, "Hello World!", 256);
    }
    U32 packUpdate(NetConnection *conn, U32 mask, BitStream *stream)
    {
@@ -125,7 +125,7 @@ public:
    void setMessage(const char *msg)
    {
       setMaskBits(1);
-      dStrcpy(message, msg);
+      dStrcpy(message, msg, 256);
    }
 
    DECLARE_CONOBJECT(SimpleNetObject);

Engine/source/app/net/serverQuery.cpp

@@ -394,12 +394,12 @@ void queryLanServers(U32 port, U8 flags, const char* gameType, const char* missi
       if ( !sActiveFilter.gameType || dStricmp( sActiveFilter.gameType, "Any" ) != 0 )
       {
          sActiveFilter.gameType = (char*) dRealloc( sActiveFilter.gameType, 4 );
-         dStrcpy( sActiveFilter.gameType, "Any" );
+         dStrcpy( sActiveFilter.gameType, "Any", 4 );
       }
       if ( !sActiveFilter.missionType || dStricmp( sActiveFilter.missionType, "Any" ) != 0 )
       {
          sActiveFilter.missionType = (char*) dRealloc( sActiveFilter.missionType, 4 );
-         dStrcpy( sActiveFilter.missionType, "Any" );
+         dStrcpy( sActiveFilter.missionType, "Any", 4 );
       }
       sActiveFilter.queryFlags   = 0;
    sActiveFilter.minPlayers   = minPlayers;
@@ -511,13 +511,13 @@ void queryMasterServer(U8 flags, const char* gameType, const char* missionType,
       if ( !sActiveFilter.gameType || dStrcmp( sActiveFilter.gameType, gameType ) != 0 )
       {
          sActiveFilter.gameType = (char*) dRealloc( sActiveFilter.gameType, dStrlen( gameType ) + 1 );
-         dStrcpy( sActiveFilter.gameType, gameType );
+         dStrcpy( sActiveFilter.gameType, gameType, dStrlen(gameType) + 1 );
       }
 
       if ( !sActiveFilter.missionType || dStrcmp( sActiveFilter.missionType, missionType ) != 0 )
       {
          sActiveFilter.missionType = (char*) dRealloc( sActiveFilter.missionType, dStrlen( missionType ) + 1 );
-         dStrcpy( sActiveFilter.missionType, missionType );
+         dStrcpy( sActiveFilter.missionType, missionType, dStrlen(missionType) + 1 );
       }
 
       sActiveFilter.queryFlags   = flags | ServerFilter::NewStyleResponse;
@@ -970,7 +970,7 @@ static void pushServerFavorites()
             ServerInfo* si = findOrCreateServerInfo( &addr );
             AssertFatal(si, "pushServerFavorites - failed to create Server Info!" );
             si->name = (char*) dRealloc( (void*) si->name, dStrlen( serverName ) + 1 );
-            dStrcpy( si->name, serverName );
+            dStrcpy( si->name, serverName, dStrlen(serverName) + 1 );
             si->isFavorite = true;
             pushPingRequest( &addr );
          }
@@ -1054,13 +1054,13 @@ void addFakeServers( S32 howMany )
       char buf[256];
       dSprintf( buf, 255, "Fake server #%d", sNumFakeServers );
       newServer.name = (char*) dMalloc( dStrlen( buf ) + 1 );
-      dStrcpy( newServer.name, buf );
+      dStrcpy( newServer.name, buf, strlen(buf) + 1 );
       newServer.gameType = (char*) dMalloc( 5 );
-      dStrcpy( newServer.gameType, "Fake" );
-      newServer.missionType = (char*) dMalloc( 4 );
-      dStrcpy( newServer.missionType, "FakeMissionType" );
+      dStrcpy( newServer.gameType, "Fake", 5 );
+      newServer.missionType = (char*) dMalloc( 16 );
+      dStrcpy( newServer.missionType, "FakeMissionType", 16 );
       newServer.missionName = (char*) dMalloc( 14 );
-      dStrcpy( newServer.missionName, "FakeMapName" );
+      dStrcpy( newServer.missionName, "FakeMapName", 14 );
       Net::stringToAddress( "IP:198.74.33.35:28000", &newServer.address );
       newServer.ping = (U32)( Platform::getRandom() * 200.0f );
       newServer.cpuSpeed = 470;
@@ -1353,9 +1353,9 @@ static void processPingsAndQueries( U32 session, bool schedule )
       char msg[64];
       U32 foundCount = gServerList.size();
       if ( foundCount == 0 )
-         dStrcpy( msg, "No servers found." );
+         dStrcpy( msg, "No servers found.", 64 );
       else if ( foundCount == 1 )
-         dStrcpy( msg, "One server found." );
+         dStrcpy( msg, "One server found.", 64 );
       else
          dSprintf( msg, sizeof( msg ), "%d servers found.", foundCount );
 
@@ -1754,7 +1754,7 @@ static void handleGameMasterInfoRequest( const NetAddress* address, U32 key, U8
 
       const char* guidList = Con::getVariable( "Server::GuidList" );
       char* buf = new char[dStrlen( guidList ) + 1];
-      dStrcpy( buf, guidList );
+      dStrcpy( buf, guidList, dStrlen(guidList) + 1 );
       char* temp = dStrtok( buf, "\t" );
       temp8 = 0;
       for ( ; temp && temp8 < playerCount; temp8++ )
@@ -1949,7 +1949,7 @@ static void handleGamePingResponse( const NetAddress* address, BitStream* stream
    if ( !si->name )
    {
       si->name = (char*) dMalloc( dStrlen( buf ) + 1 );
-      dStrcpy( si->name, buf );
+      dStrcpy( si->name, buf, dStrlen(buf) + 1 );
    }
 
    // Set the server up to be queried:
@@ -2051,7 +2051,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->gameType || dStricmp( si->gameType, stringBuf ) != 0 )
    {
       si->gameType = (char*) dRealloc( (void*) si->gameType, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->gameType, stringBuf );
+      dStrcpy( si->gameType, stringBuf, dStrlen(stringBuf) + 1 );
 
       // Test against the active filter:
       if ( applyFilter && dStricmp( sActiveFilter.gameType, "any" ) != 0
@@ -2068,7 +2068,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->missionType || dStrcmp( si->missionType, stringBuf ) != 0 )
    {
       si->missionType = (char*) dRealloc( (void*) si->missionType, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->missionType, stringBuf );
+      dStrcpy( si->missionType, stringBuf, dStrlen(stringBuf) + 1 );
 
       // Test against the active filter:
       if ( applyFilter && dStricmp( sActiveFilter.missionType, "any" ) != 0
@@ -2089,7 +2089,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->missionName || dStrcmp( si->missionName, stringBuf ) != 0 )
    {
       si->missionName = (char*) dRealloc( (void*) si->missionName, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->missionName, stringBuf );
+      dStrcpy( si->missionName, stringBuf, dStrlen(stringBuf) + 1 );
    }
 
    // Get the server status:
@@ -2158,7 +2158,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->statusString || ( isUpdate && dStrcmp( si->statusString, stringBuf ) != 0 ) )
    {
       si->infoString = (char*) dRealloc( (void*) si->infoString, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->infoString, stringBuf );
+      dStrcpy( si->infoString, stringBuf, dStrlen(stringBuf) + 1 );
    }
 
    // Get the content string:
@@ -2166,7 +2166,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->statusString || ( isUpdate && dStrcmp( si->statusString, stringBuf ) != 0 ) )
    {
       si->statusString = (char*) dRealloc( (void*) si->statusString, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->statusString, stringBuf );
+      dStrcpy( si->statusString, stringBuf, dStrlen(stringBuf) + 1 );
    }
 
    // Update the server browser gui!

Engine/source/console/CMDscan.cpp

@@ -2341,7 +2341,7 @@ static int Sc_ScanString(int ret)
       return -1;
 
    char* buffer = (char*)consoleAlloc(dStrlen(CMDtext));
-   dStrcpy(buffer, CMDtext + 1);
+   dStrcpy(buffer, CMDtext + 1, dStrlen(CMDtext));
 
    CMDlval.str = MakeToken< char* >(buffer, lineIndex);
    return ret;

Engine/source/console/SimXMLDocument.cpp

@@ -833,7 +833,7 @@ void SimXMLDocument::setObjectAttributes(const char* objectID)
             continue;
 
          FrameTemp<char> valCopy( dStrlen( val ) + 1 );
-         dStrcpy( (char *)valCopy, val );
+         dStrcpy( (char *)valCopy, val, dStrlen(val) + 1 );
 
          if (!pObject->writeField(itr->pFieldname, valCopy))
             continue;
@@ -873,7 +873,7 @@ void SimXMLDocument::setObjectAttributes(const char* objectID)
    //      continue;
 
    //   FrameTemp<char> valCopy( dStrlen( val ) + 1 );
-   //   dStrcpy( (char *)valCopy, val );
+   //   dStrcpy( (char *)valCopy, val, dStrlen(val) + 1 );
 
    //   if (!pObject->writeField(itr->pFieldname, valCopy))
    //      continue;

Engine/source/console/astAlloc.cpp

@@ -241,7 +241,7 @@ StrConstNode *StrConstNode::alloc(S32 lineNumber, char *str, bool tag, bool doc)
    ret->str = (char *)consoleAlloc(dStrlen(str) + 1);
    ret->tag = tag;
    ret->doc = doc;
-   dStrcpy(ret->str, str);
+   dStrcpy(ret->str, str, dStrlen(str) + 1);
 
    return ret;
 }

Engine/source/console/codeInterpreter.cpp

@@ -95,19 +95,17 @@ static void getFieldComponent(SimObject* object, StringTableEntry field, const c
 
       // Translate xyzw and rgba into the indexed component 
       // of the variable or field.
-      //
-      // Review: Should we use strncpy to prevent a buffer overflow?
       if (subField == xyzw[0] || subField == rgba[0])
-         dStrcpy(val, StringUnit::getUnit(prevVal, 0, " \t\n"));
+         dStrcpy(val, StringUnit::getUnit(prevVal, 0, " \t\n"), 128);
 
       else if (subField == xyzw[1] || subField == rgba[1])
-         dStrcpy(val, StringUnit::getUnit(prevVal, 1, " \t\n"));
+         dStrcpy(val, StringUnit::getUnit(prevVal, 1, " \t\n"), 128);
 
       else if (subField == xyzw[2] || subField == rgba[2])
-         dStrcpy(val, StringUnit::getUnit(prevVal, 2, " \t\n"));
+         dStrcpy(val, StringUnit::getUnit(prevVal, 2, " \t\n"), 128);
 
       else if (subField == xyzw[3] || subField == rgba[3])
-         dStrcpy(val, StringUnit::getUnit(prevVal, 3, " \t\n"));
+         dStrcpy(val, StringUnit::getUnit(prevVal, 3, " \t\n"), 128);
 
       else
          val[0] = 0;
@@ -157,19 +155,17 @@ static void setFieldComponent(SimObject* object, StringTableEntry field, const c
 
    // Insert the value into the specified 
    // component of the string.
-   //
-   // Review: Should we use strncpy to prevent a buffer overflow?
    if (subField == xyzw[0] || subField == rgba[0])
-      dStrcpy(val, StringUnit::setUnit(prevVal, 0, strValue, " \t\n"));
+      dStrcpy(val, StringUnit::setUnit(prevVal, 0, strValue, " \t\n"), 128);
 
    else if (subField == xyzw[1] || subField == rgba[1])
-      dStrcpy(val, StringUnit::setUnit(prevVal, 1, strValue, " \t\n"));
+      dStrcpy(val, StringUnit::setUnit(prevVal, 1, strValue, " \t\n"), 128);
 
    else if (subField == xyzw[2] || subField == rgba[2])
-      dStrcpy(val, StringUnit::setUnit(prevVal, 2, strValue, " \t\n"));
+      dStrcpy(val, StringUnit::setUnit(prevVal, 2, strValue, " \t\n"), 128);
 
    else if (subField == xyzw[3] || subField == rgba[3])
-      dStrcpy(val, StringUnit::setUnit(prevVal, 3, strValue, " \t\n"));
+      dStrcpy(val, StringUnit::setUnit(prevVal, 3, strValue, " \t\n"), 128);
 
    if (val[0] != 0)
    {
@@ -1729,7 +1725,7 @@ OPCodeReturn CodeInterpreter::op_setcurfield(U32 &ip)
 {
    // Save the previous field for parsing vector fields.
    mPrevField = mCurField;
-   dStrcpy(prevFieldArray, curFieldArray);
+   dStrcpy(prevFieldArray, curFieldArray, 256);
    mCurField = CodeToSTE(mCodeBlock->code, ip);
    curFieldArray[0] = 0;
    ip += 2;
@@ -1738,7 +1734,7 @@ OPCodeReturn CodeInterpreter::op_setcurfield(U32 &ip)
 
 OPCodeReturn CodeInterpreter::op_setcurfield_array(U32 &ip)
 {
-   dStrcpy(curFieldArray, STR.getStringValue());
+   dStrcpy(curFieldArray, STR.getStringValue(), 256);
    return OPCodeReturn::success;
 }
 
@@ -1771,7 +1767,7 @@ OPCodeReturn CodeInterpreter::op_setcurfield_this(U32 &ip)
    mCurObject = mThisObject;
 
    mPrevField = mCurField;
-   dStrcpy(prevFieldArray, curFieldArray);
+   dStrcpy(prevFieldArray, curFieldArray, 256);
    mCurField = CodeToSTE(mCodeBlock->code, ip);
    curFieldArray[0] = 0;
    ip += 2;

Engine/source/console/compiler.cpp

@@ -164,7 +164,7 @@ U32 CompilerStringTable::add(const char *str, bool caseSens, bool tag)
    newStr->string = (char *)consoleAlloc(len);
    newStr->len = len;
    newStr->tag = tag;
-   dStrcpy(newStr->string, str);
+   dStrcpy(newStr->string, str, len);
 
    // Put into the hash table.
    hashTable[str] = newStr;
@@ -195,7 +195,7 @@ char *CompilerStringTable::build()
    char *ret = new char[totalLen];
    dMemset(ret, 0, totalLen);
    for (Entry *walk = list; walk; walk = walk->next)
-      dStrcpy(ret + walk->start, walk->string);
+      dStrcpy(ret + walk->start, walk->string, totalLen - walk->start);
    return ret;
 }
 

Engine/source/console/console.cpp

@@ -440,7 +440,7 @@ U32 tabComplete(char* inputBuffer, U32 cursorPos, U32 maxResultLength, bool forw
    {
       // If not...
       // Save it for checking next time.
-      dStrcpy(tabBuffer, inputBuffer);
+      dStrcpy(tabBuffer, inputBuffer, MaxCompletionBufferSize);
       // Scan backward from the cursor position to find the base to complete from.
       S32 p = cursorPos;
       while ((p > 0) && (inputBuffer[p - 1] != ' ') && (inputBuffer[p - 1] != '.') && (inputBuffer[p - 1] != '('))
@@ -527,7 +527,7 @@ U32 tabComplete(char* inputBuffer, U32 cursorPos, U32 maxResultLength, bool forw
    }
 
    // Save the modified input buffer for checking next time.
-   dStrcpy(tabBuffer, inputBuffer);
+   dStrcpy(tabBuffer, inputBuffer, MaxCompletionBufferSize);
 
    // Return the new (maybe) cursor position.
    return cursorPos;
@@ -647,7 +647,7 @@ static void _printf(ConsoleLogEntry::Level level, ConsoleLogEntry::Type type, co
             entry.mType   = type;
 #ifndef TORQUE_SHIPPING // this is equivalent to a memory leak, turn it off in ship build            
             entry.mString = (const char *)consoleLogChunker.alloc(dStrlen(pos) + 1);
-            dStrcpy(const_cast<char*>(entry.mString), pos);
+            dStrcpy(const_cast<char*>(entry.mString), pos, dStrlen(pos) + 1);
             
             // This prevents infinite recursion if the console itself needs to
             // re-allocate memory to accommodate the new console log entry, and 
@@ -1271,7 +1271,7 @@ bool executeFile(const char* fileName, bool noCalls, bool journalScript)
       scriptFile = NULL;
 
       dsoModifiedTime = dsoFile->getModifiedTime();
-      dStrcpy(nameBuffer, scriptFileName);
+      dStrcpy(nameBuffer, scriptFileName, 512);
    }
 
    // If we're supposed to be compiling this file, check to see if there's a DSO
@@ -2097,12 +2097,12 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor
          if (ensureTrailingSlash)
          {
             // Yes, so ensure it.
-            Con::ensureTrailingSlash(pDstPath, pSrcPath);
+            Con::ensureTrailingSlash(pDstPath, pSrcPath, size);
          }
          else
          {
             // No, so just use the source path.
-            dStrcpy(pDstPath, pSrcPath);
+            dStrcpy(pDstPath, pSrcPath, size);
          }
 
          return false;
@@ -2118,7 +2118,7 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor
       if (ensureTrailingSlash)
       {
          // Yes, so ensure it.
-         Con::ensureTrailingSlash(pathBuffer, pathBuffer);
+         Con::ensureTrailingSlash(pathBuffer, pathBuffer, size);
       }
 
       // Strip repeat slashes.
@@ -2143,12 +2143,12 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor
          if (ensureTrailingSlash)
          {
             // Yes, so ensure it.
-            Con::ensureTrailingSlash(pDstPath, pSrcPath);
+            Con::ensureTrailingSlash(pDstPath, pSrcPath, size);
          }
          else
          {
             // No, so just use the source path.
-            dStrcpy(pDstPath, pSrcPath);
+            dStrcpy(pDstPath, pSrcPath, size);
          }
 
          return false;
@@ -2183,7 +2183,7 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor
       if (ensureTrailingSlash)
       {
          // Yes, so ensure it.
-         Con::ensureTrailingSlash(pathBuffer, pathBuffer);
+         Con::ensureTrailingSlash(pathBuffer, pathBuffer, size);
       }
 
       // Strip repeat slashes.
@@ -2208,7 +2208,7 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor
    if (ensureTrailingSlash)
    {
       // Yes, so ensure it.
-      Con::ensureTrailingSlash(pathBuffer, pathBuffer);
+      Con::ensureTrailingSlash(pathBuffer, pathBuffer, size);
    }
 
    // Strip repeat slashes.
@@ -2300,10 +2300,10 @@ void collapsePath(char* pDstPath, U32 size, const char* pSrcPath, const char* pW
 }
 
 
-void ensureTrailingSlash(char* pDstPath, const char* pSrcPath)
+void ensureTrailingSlash(char* pDstPath, const char* pSrcPath, S32 dstSize)
 {
    // Copy to target.
-   dStrcpy(pDstPath, pSrcPath);
+   dStrcpy(pDstPath, pSrcPath, dstSize);
 
    // Find trailing character index.
    S32 trailIndex = dStrlen(pDstPath);
@@ -2353,7 +2353,7 @@ StringTableEntry getDSOPath(const char *scriptPath)
    else
    {
       StringTableEntry strippedPath = Platform::stripBasePath(scriptPath);
-      dStrcpy(relPath, strippedPath);
+      dStrcpy(relPath, strippedPath, 1024);
 
       char *slash = dStrrchr(relPath, '/');
       if (slash)
@@ -2616,7 +2616,7 @@ const char *ConsoleValue::getStringValue()
       else if(newLen > bufferLen)
          sval = (char *) dRealloc(sval, newLen);
 
-      dStrcpy(sval, internalValue);
+      dStrcpy(sval, internalValue, newLen);
       bufferLen = newLen;
 
       return sval;

Engine/source/console/console.h

@@ -491,7 +491,7 @@ namespace Con
    bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWorkingDirectoryHint = NULL, const bool ensureTrailingSlash = false);
    void collapsePath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWorkingDirectoryHint = NULL);
    bool isBasePath(const char* SrcPath, const char* pBasePath);
-   void ensureTrailingSlash(char* pDstPath, const char* pSrcPath);
+   void ensureTrailingSlash(char* pDstPath, const char* pSrcPath, S32 dstSize);
    bool stripRepeatSlashes(char* pDstPath, const char* pSrcPath, S32 dstSize);
    StringTableEntry getDSOPath(const char *scriptPath);
 

Engine/source/console/consoleDoc.cpp

@@ -90,7 +90,7 @@ void printClassHeader(const char* usage, const char * className, const char * su
       // Copy Usage Document
       S32 usageLen = dStrlen( usage );
       FrameTemp<char> usageStr( usageLen );
-      dStrcpy( usageStr, usage );
+      dStrcpy( usageStr, usage, usageLen );
 
       // Print Header
       Con::printf( "/*!" );
@@ -117,7 +117,7 @@ void printClassHeader(const char* usage, const char * className, const char * su
          }
          
          // Copy line and update usagePtr
-         dStrcpy( lineStr, usagePtr );
+         dStrcpy( lineStr, usagePtr, 2048 );
          usagePtr = (newLine != NULL ) ? newLine : usagePtr;
          lineLen = dStrlen( lineStr );
 

Engine/source/console/consoleFunctions.cpp

@@ -561,12 +561,13 @@ DefineConsoleFunction( stripChars, const char*, ( const char* str, const char* c
    "@endtsexample\n"
    "@ingroup Strings" )
 {
-   char* ret = Con::getReturnBuffer( dStrlen( str ) + 1 );
-   dStrcpy( ret, str );
+   S32 len = dStrlen(str) + 1;
+   char* ret = Con::getReturnBuffer( len );
+   dStrcpy( ret, str, len );
    U32 pos = dStrcspn( ret, chars );
    while ( pos < dStrlen( ret ) )
    {
-      dStrcpy( ret + pos, ret + pos + 1 );
+      dStrcpy( ret + pos, ret + pos + 1, len - pos );
       pos = dStrcspn( ret, chars );
    }
    return( ret );
@@ -585,7 +586,7 @@ DefineConsoleFunction( strlwr, const char*, ( const char* str ),,
    "@ingroup Strings" )
 {
    char *ret = Con::getReturnBuffer(dStrlen(str) + 1);
-   dStrcpy(ret, str);
+   dStrcpy(ret, str, dStrlen(str) + 1);
    return dStrlwr(ret);
 }
 
@@ -602,7 +603,7 @@ DefineConsoleFunction( strupr, const char*, ( const char* str ),,
    "@ingroup Strings" )
 {
    char *ret = Con::getReturnBuffer(dStrlen(str) + 1);
-   dStrcpy(ret, str);
+   dStrcpy(ret, str, dStrlen(str) + 1);
    return dStrupr(ret);
 }
 
@@ -663,7 +664,8 @@ DefineConsoleFunction( strreplace, const char*, ( const char* source, const char
          count++;
       }
    }
-   char *ret = Con::getReturnBuffer(dStrlen(source) + 1 + (toLen - fromLen) * count);
+   S32 retLen = dStrlen(source) + 1 + (toLen - fromLen) * count;
+   char *ret = Con::getReturnBuffer(retLen);
    U32 scanp = 0;
    U32 dstp = 0;
    for(;;)
@@ -671,13 +673,13 @@ DefineConsoleFunction( strreplace, const char*, ( const char* source, const char
       const char *scan = dStrstr(source + scanp, from);
       if(!scan)
       {
-         dStrcpy(ret + dstp, source + scanp);
+         dStrcpy(ret + dstp, source + scanp, retLen - dstp);
          return ret;
       }
       U32 len = scan - (source + scanp);
-      dStrncpy(ret + dstp, source + scanp, len);
+      dStrncpy(ret + dstp, source + scanp, getMin(len, retLen - dstp));
       dstp += len;
-      dStrcpy(ret + dstp, to);
+      dStrcpy(ret + dstp, to, retLen - dstp);
       dstp += toLen;
       scanp += len + fromLen;
    }
@@ -901,8 +903,8 @@ DefineConsoleFunction( startsWith, bool, ( const char* str, const char* prefix,
    char* targetBuf = new char[ targetLen + 1 ];
 
    // copy src and target into buffers
-   dStrcpy( srcBuf, str );
-   dStrcpy( targetBuf, prefix );
+   dStrcpy( srcBuf, str, srcLen + 1 );
+   dStrcpy( targetBuf, prefix, targetLen + 1 );
 
    // reassign src/target pointers to lowercase versions
    str = dStrlwr( srcBuf );
@@ -952,8 +954,8 @@ DefineConsoleFunction( endsWith, bool, ( const char* str, const char* suffix, bo
    char* targetBuf = new char[ targetLen + 1 ];
 
    // copy src and target into buffers
-   dStrcpy( srcBuf, str );
-   dStrcpy( targetBuf, suffix );
+   dStrcpy( srcBuf, str, srcLen + 1 );
+   dStrcpy( targetBuf, suffix, targetLen + 1 );
 
    // reassign src/target pointers to lowercase versions
    str = dStrlwr( srcBuf );
@@ -1825,7 +1827,7 @@ DefineEngineFunction( detag, const char*, ( const char* str ),,
          return "";
          
       char* ret = Con::getReturnBuffer( dStrlen( word + 1 ) + 1 );
-      dStrcpy( ret, word + 1 );
+      dStrcpy( ret, word + 1, dStrlen(word + 1) + 1 );
       return ret;
    }
    else
@@ -1889,7 +1891,7 @@ ConsoleFunction( echo, void, 2, 0, "( string message... ) "
    char *ret = Con::getReturnBuffer(len + 1);
    ret[0] = 0;
    for(i = 1; i < argc; i++)
-      dStrcat(ret, argv[i], len);
+      dStrcat(ret, argv[i], len + 1);
 
    Con::printf("%s", ret);
    ret[0] = 0;
@@ -1913,7 +1915,7 @@ ConsoleFunction( warn, void, 2, 0, "( string message... ) "
    char *ret = Con::getReturnBuffer(len + 1);
    ret[0] = 0;
    for(i = 1; i < argc; i++)
-      dStrcat(ret, argv[i], len);
+      dStrcat(ret, argv[i], len + 1);
 
    Con::warnf(ConsoleLogEntry::General, "%s", ret);
    ret[0] = 0;
@@ -1937,7 +1939,7 @@ ConsoleFunction( error, void, 2, 0, "( string message... ) "
    char *ret = Con::getReturnBuffer(len + 1);
    ret[0] = 0;
    for(i = 1; i < argc; i++)
-      dStrcat(ret, argv[i], len);
+      dStrcat(ret, argv[i], len + 1);
 
    Con::errorf(ConsoleLogEntry::General, "%s", ret);
    ret[0] = 0;

Engine/source/console/consoleInternal.cpp

@@ -125,7 +125,7 @@ StringValue & StringValue::operator=(const char *string)
    {
       S32 len = dStrlen(string);
       if (len < size)
-         dStrcpy(val, string);
+         dStrcpy(val, string, size);
       else
       {
          size = len;
@@ -569,7 +569,7 @@ void ConsoleValue::setStringValue(const char * value)
       type = TypeInternalString;
 
       bufferLen = newLen;
-      dStrcpy(sval, value);
+      dStrcpy(sval, value, newLen);
    }
    else
       Con::setData(type, dataPtr, 0, 1, &value, enumTable);
@@ -702,7 +702,7 @@ Dictionary::Entry* Dictionary::addVariable(const char *name,
    if (name[0] != '$')
    {
       scratchBuffer[0] = '$';
-      dStrcpy(scratchBuffer + 1, name);
+      dStrcpy(scratchBuffer + 1, name, 1023);
       name = scratchBuffer;
    }
 
@@ -1360,7 +1360,7 @@ void Namespace::addScriptCallback(const char *funcName, const char *usage, Conso
    static U32 uid = 0;
    char buffer[1024];
    char lilBuffer[32];
-   dStrcpy(buffer, funcName);
+   dStrcpy(buffer, funcName, 1024);
    dSprintf(lilBuffer, 32, "_%d_cb", uid++);
    dStrcat(buffer, lilBuffer, 1024);
 
@@ -1381,7 +1381,7 @@ void Namespace::markGroup(const char* name, const char* usage)
    static U32 uid = 0;
    char buffer[1024];
    char lilBuffer[32];
-   dStrcpy(buffer, name);
+   dStrcpy(buffer, name, 1024);
    dSprintf(lilBuffer, 32, "_%d", uid++);
    dStrcat(buffer, lilBuffer, 1024);
 

Engine/source/console/consoleObject.cpp

@@ -773,7 +773,7 @@ static const char* returnClassList( Vector< AbstractClassRep* >& classes, U32 bu
    dQsort( classes.address(), classes.size(), sizeof( AbstractClassRep* ), ACRCompare );
 
    char* ret = Con::getReturnBuffer( bufSize );
-   dStrcpy( ret, classes[ 0 ]->getClassName() );
+   dStrcpy( ret, classes[ 0 ]->getClassName(), bufSize );
    for( U32 i = 1; i < classes.size(); i ++ )
    {
       dStrcat( ret, "\t", bufSize );

Engine/source/console/fieldBrushObject.cpp

@@ -273,7 +273,7 @@ DefineConsoleMethod(FieldBrushObject, queryFields, const char*, (const char* sim
     for ( U32 groupIndex = 0; groupIndex < groupCount; ++groupIndex )
     {
         // Copy string element.
-        dStrcpy( tempBuf, StringUnit::getUnit( groupList, groupIndex, " \t\n" ) );
+        dStrcpy( tempBuf, StringUnit::getUnit( groupList, groupIndex, " \t\n" ), 256 );
         // Append internal name.
         dStrcat( tempBuf, "_begingroup", 256 );
         // Store Group.
@@ -416,7 +416,7 @@ void FieldBrushObject::copyFields( SimObject* pSimObject, const char* fieldList
         for ( U32 fieldIndex = 0; fieldIndex < fieldCount; ++fieldIndex )
         {
             // Copy string element.
-            dStrcpy( tempBuf, StringUnit::getUnit( fieldList, fieldIndex, " \t\n" ) );
+            dStrcpy( tempBuf, StringUnit::getUnit( fieldList, fieldIndex, " \t\n" ), bufferSizes );
 
             // Store field.
             fields.push_back( StringTable->insert( tempBuf ) );

Engine/source/console/fileSystemFunctions.cpp

@@ -495,7 +495,7 @@ DefineEngineFunction(getDirectoryList, String, ( const char* path, S32 depth ),
    // Copy the directory names to the buffer.
    for (S32 i = 0; i < directories.size(); i++)
    {
-      dStrcpy(p, directories[i]);
+      dStrcpy(p, directories[i], length - (p - buffer));
       p += dStrlen(directories[i]);
       // Tab separated.
       p[0] = '\t';
@@ -537,7 +537,7 @@ DefineEngineFunction( fileModifiedTime, String, ( const char* fileName ),,
    String fileStr = Platform::localTimeToString( lt );
    
    char *buffer = Con::getReturnBuffer( fileStr.size() );
-   dStrcpy( buffer, fileStr );   
+   dStrcpy( buffer, fileStr, fileStr.size() );
    
    return buffer;
 }
@@ -560,7 +560,7 @@ DefineEngineFunction( fileCreatedTime, String, ( const char* fileName ),,
    String fileStr = Platform::localTimeToString( lt );
 
    char *buffer = Con::getReturnBuffer( fileStr.size() );
-   dStrcpy( buffer, fileStr );  
+   dStrcpy( buffer, fileStr, fileStr.size() );
 
    return buffer;
 }
@@ -609,7 +609,7 @@ DefineEngineFunction(fileBase, String, ( const char* fileName ),,
    S32 pathLen = dStrlen( fileName );
    FrameTemp<char> szPathCopy( pathLen + 1);
 
-   dStrcpy( szPathCopy, fileName );
+   dStrcpy( szPathCopy, fileName, pathLen + 1 );
    forwardslash( szPathCopy );
 
    const char *path = dStrrchr(szPathCopy, '/');
@@ -618,7 +618,7 @@ DefineEngineFunction(fileBase, String, ( const char* fileName ),,
    else
       path++;
    char *ret = Con::getReturnBuffer(dStrlen(path) + 1);
-   dStrcpy(ret, path);
+   dStrcpy(ret, path, dStrlen(path) + 1);
    char *ext = dStrrchr(ret, '.');
    if(ext)
       *ext = 0;
@@ -635,7 +635,7 @@ DefineEngineFunction(fileName, String, ( const char* fileName ),,
    S32 pathLen = dStrlen( fileName );
    FrameTemp<char> szPathCopy( pathLen + 1);
 
-   dStrcpy( szPathCopy, fileName );
+   dStrcpy( szPathCopy, fileName, pathLen + 1 );
    forwardslash( szPathCopy );
 
    const char *name = dStrrchr(szPathCopy, '/');
@@ -644,7 +644,7 @@ DefineEngineFunction(fileName, String, ( const char* fileName ),,
    else
       name++;
    char *ret = Con::getReturnBuffer(dStrlen(name));
-   dStrcpy(ret, name);
+   dStrcpy(ret, name, dStrlen(name));
    return ret;
 }
 
@@ -658,7 +658,7 @@ DefineEngineFunction(filePath, String, ( const char* fileName ),,
    S32 pathLen = dStrlen( fileName );
    FrameTemp<char> szPathCopy( pathLen + 1);
 
-   dStrcpy( szPathCopy, fileName );
+   dStrcpy( szPathCopy, fileName, pathLen + 1 );
    forwardslash( szPathCopy );
 
    const char *path = dStrrchr(szPathCopy, '/');

Engine/source/console/persistenceManager.cpp

@@ -950,7 +950,7 @@ void PersistenceManager::updateToken( const U32 lineNumber, const U32 linePositi
    char* postString = ( char* ) dMalloc( postStringLen + 1 );
    if( needQuotes )
       postString[ 0 ] = '"';
-   dStrcpy( &postString[ needQuotes ? 1 : 0 ], postStringSrc );
+   dStrcpy( &postString[ needQuotes ? 1 : 0 ], postStringSrc, postStringLen + (needQuotes ? 0 : 1) );
    postString[ postStringLen ] = 0;
 
    // Calculate the length of our new line

Engine/source/console/scriptFilename.cpp

@@ -189,7 +189,7 @@ bool expandToolScriptFilename(char *filename, U32 size, const char *src)
          // Relative to script directory
          if(cbFullPath)
          {
-            dStrcpy(varBuf, cbFullPath);
+            dStrcpy(varBuf, cbFullPath, 1024);
             slash = dStrrchr(varBuf, '/');
             if(slash) *slash = 0;
 
@@ -219,7 +219,7 @@ bool expandOldScriptFilename(char *filename, U32 size, const char *src)
    const StringTableEntry cbName = CodeBlock::getCurrentCodeBlockName();
    if (!cbName)
    {
-      dStrcpy(filename, src);
+      dStrcpy(filename, src, size);
       return true;
    }
 
@@ -244,7 +244,7 @@ bool expandOldScriptFilename(char *filename, U32 size, const char *src)
          *filename = 0;
          return false;
       }
-      dStrcpy(filename, src);
+      dStrcpy(filename, src, size);
       return true;
    }
 
@@ -264,7 +264,7 @@ bool expandOldScriptFilename(char *filename, U32 size, const char *src)
    }
 
    dStrncpy(filename, cbName, length);
-   dStrcpy(filename+length, src+1);
+   dStrcpy(filename+length, src+1, size - length);
    return true;
 }
 

Engine/source/console/sim.cpp

@@ -216,7 +216,7 @@ DefineConsoleFunction( getUniqueName, const char*, (const char * baseName), ,
       return NULL;
 
    char *buffer = Con::getReturnBuffer( outName.size() );
-   dStrcpy( buffer, outName );
+   dStrcpy( buffer, outName, outName.size() );
 
    return buffer;
 }
@@ -241,7 +241,7 @@ DefineConsoleFunction( getUniqueInternalName, const char*, (const char * baseNam
       return NULL;
 
    char *buffer = Con::getReturnBuffer( outName.size() );
-   dStrcpy( buffer, outName );
+   dStrcpy( buffer, outName, outName.size() );
 
    return buffer;
 }

Engine/source/console/simDatablock.cpp

@@ -198,10 +198,10 @@ void SimDataBlock::performSubstitutions(SimDataBlock* dblock, const SimObject* o
    }
 
    char obj_str[32];
-   dStrcpy(obj_str, Con::getIntArg(obj->getId()));
+   dStrcpy(obj_str, Con::getIntArg(obj->getId()), 32);
 
    char index_str[32];
-   dStrcpy(index_str, Con::getIntArg(index));
+   dStrcpy(index_str, Con::getIntArg(index), 32);
 
    for (S32 i = 0; i < substitutions.size(); i++)
    {

Engine/source/console/simObject.cpp

@@ -320,7 +320,7 @@ void SimObject::writeFields(Stream &stream, U32 tabStop)
 
          U32 nBufferSize = dStrlen( val ) + 1;
          FrameTemp<char> valCopy( nBufferSize );
-         dStrcpy( (char *)valCopy, val );
+         dStrcpy( (char *)valCopy, val, nBufferSize );
 
          if (!writeField(f->pFieldname, valCopy))
             continue;
@@ -402,12 +402,12 @@ bool SimObject::save(const char *pcFileName, bool bOnlySelected, const char *pre
    char docRoot[256];
    char modRoot[256];
 
-   dStrcpy(docRoot, pcFileName);
+   dStrcpy(docRoot, pcFileName, 256);
    char *p = dStrrchr(docRoot, '/');
    if (p) *++p = '\0';
    else  docRoot[0] = '\0';
 
-   dStrcpy(modRoot, pcFileName);
+   dStrcpy(modRoot, pcFileName, 256);
    p = dStrchr(modRoot, '/');
    if (p) *++p = '\0';
    else  modRoot[0] = '\0';
@@ -1028,7 +1028,7 @@ void SimObject::setDataField(StringTableEntry slotName, const char *array, const
       else
       {
          char buf[256];
-         dStrcpy(buf, slotName);
+         dStrcpy(buf, slotName, 256);
          dStrcat(buf, array, 256);
          StringTableEntry permanentSlotName = StringTable->insert(buf);
          mFieldDictionary->setFieldValue(permanentSlotName, value);
@@ -1069,7 +1069,7 @@ const char *SimObject::getDataField(StringTableEntry slotName, const char *array
       else
       {
          static char buf[256];
-         dStrcpy(buf, slotName);
+         dStrcpy(buf, slotName, 256);
          dStrcat(buf, array, 256);
          if (const char* val = mFieldDictionary->getFieldValue(StringTable->insert(buf)))
             return val;
@@ -1310,7 +1310,7 @@ U32 SimObject::getDataFieldType( StringTableEntry slotName, const char* array )
    else
    {
       static char buf[256];
-      dStrcpy( buf, slotName );
+      dStrcpy( buf, slotName, 256 );
       dStrcat( buf, array, 256 );
 
       return mFieldDictionary->getFieldType( StringTable->insert( buf ) );
@@ -1333,7 +1333,7 @@ void SimObject::setDataFieldType(const U32 fieldTypeId, StringTableEntry slotNam
    else
    {
       static char buf[256];
-      dStrcpy( buf, slotName );
+      dStrcpy( buf, slotName, 256 );
       dStrcat( buf, array, 256 );
 
       mFieldDictionary->setFieldType( StringTable->insert( buf ), fieldTypeId );
@@ -1354,7 +1354,7 @@ void SimObject::setDataFieldType(const char *typeName, StringTableEntry slotName
    else
    {
       static char buf[256];
-      dStrcpy( buf, slotName );
+      dStrcpy( buf, slotName, 256 );
       dStrcat( buf, array, 256 );
       StringTableEntry permanentSlotName = StringTable->insert(buf);
 

Engine/source/console/simObjectMemento.cpp

@@ -137,7 +137,7 @@ SimObject *SimObjectMemento::restore() const
          tempBuffer = ( char* ) dMalloc( dStrlen( mState ) + uniqueNameLen + 1 );
          dMemcpy( tempBuffer, mState, numCharsToLeftParen );
          dMemcpy( &tempBuffer[ numCharsToLeftParen ], uniqueName, uniqueNameLen );
-         dStrcpy( &tempBuffer[ numCharsToLeftParen + uniqueNameLen ], &mState[ numCharsToLeftParen ] );
+         dStrcpy( &tempBuffer[ numCharsToLeftParen + uniqueNameLen ], &mState[ numCharsToLeftParen ], dStrlen(mState) - numCharsToLeftParen + 1 );
       }
 
       Con::evaluate( tempBuffer );

Engine/source/console/stringStack.h

@@ -176,7 +176,7 @@ struct StringStack
       mLen = dStrlen(s);
 
       validateBufferSize(mStart + mLen + 2);
-      dStrcpy(mBuffer + mStart, s);
+      dStrcpy(mBuffer + mStart, s, mBufferSize - mStart);
    }
 
    /// Get the top of the stack, as a StringTableEntry.

Engine/source/core/stream/bitStream.cpp

@@ -668,13 +668,13 @@ void BitStream::readString(char buf[256])
       {
          S32 offset = readInt(8);
          HuffmanProcessor::g_huffProcessor.readHuffBuffer(this, stringBuffer + offset);
-         dStrcpy(buf, stringBuffer);
+         dStrcpy(buf, stringBuffer, 256);
          return;
       }
    }
    HuffmanProcessor::g_huffProcessor.readHuffBuffer(this, buf);
    if(stringBuffer)
-      dStrcpy(stringBuffer, buf);
+      dStrcpy(stringBuffer, buf, 256);
 }
 
 void BitStream::writeString(const char *string, S32 maxLen)

Engine/source/core/stringTable.cpp

@@ -145,7 +145,7 @@ StringTableEntry _StringTable::insert(const char* _val, const bool caseSens)
       *walk = (Node *) mempool.alloc(sizeof(Node));
       (*walk)->next = 0;
       (*walk)->val = (char *) mempool.alloc(dStrlen(val) + 1);
-      dStrcpy((*walk)->val, val);
+      dStrcpy((*walk)->val, val, dStrlen(val) + 1);
       ret = (*walk)->val;
       itemCount ++;
    }

Engine/source/core/strings/findMatch.cpp

@@ -72,7 +72,7 @@ void FindMatch::setExpression( const char *_expression )
    delete [] expression;
 
    expression = new char[dStrlen(_expression) + 1];
-   dStrcpy(expression, _expression);
+   dStrcpy(expression, _expression, dStrlen(_expression) + 1);
    dStrupr(expression);
 }
 
@@ -82,7 +82,7 @@ bool FindMatch::findMatch( const char *str, bool caseSensitive )
       return false;
 
    char nstr[512];
-   dStrcpy( nstr,str );
+   dStrcpy( nstr,str,512 );
    dStrupr(nstr);
    if ( isMatch( expression, nstr, caseSensitive ) )
    {
@@ -143,7 +143,7 @@ bool FindMatch::isMatchMultipleExprs( const char *exps, const char *str, bool ca
    S32 len = dStrlen(exps);
 
    char *e = new char[len+1];
-   dStrcpy(e,exps);
+   dStrcpy(e,exps,len+1);
 
    // [tom, 12/18/2006] This no longer supports space separated expressions as
    // they don't work when the paths have spaces in.

Engine/source/core/strings/stringFunctions.cpp

@@ -216,7 +216,7 @@ S32 dStrnatcasecmp(const nat_char* a, const nat_char* b) {
 char *dStrdup_r(const char *src, const char *fileName, dsize_t lineNumber)
 {
    char *buffer = (char *) dMalloc_r(dStrlen(src) + 1, fileName, lineNumber);
-   dStrcpy(buffer, src);
+   dStrcpy(buffer, src, dStrlen(src) + 1);
    return buffer;
 }
 

Engine/source/core/strings/stringFunctions.h

@@ -47,6 +47,7 @@
 
 #endif // defined(TORQUE_OS_WIN)
 
+#define DEBUG_CHECK_OVERFLOW 1
 
 //------------------------------------------------------------------------------
 // standard string functions [defined in platformString.cpp]
@@ -60,12 +61,16 @@ inline char *dStrcat(char *dst, const char *src)
 
 inline char *dStrcat(char *dst, const char *src, dsize_t len)
 {
+#ifdef DEBUG_CHECK_OVERFLOW
+   if (strlen(src) >= len) {
+      AssertWarn(false, "dStrcat out of range");
+   }
+#endif
    return strncat(dst,src,len - 1); //Safety because strncat copies at most len+1 characters
 }
 
 inline char *dStrncat(char *dst, const char *src, dsize_t len)
 {
-   AssertFatal(false, "Use dStrcat with length");
    return dStrcat(dst, src, len);
 }
 
@@ -94,9 +99,21 @@ inline S32  dStrnicmp(const char *str1, const char *str2, dsize_t len)
    return strncasecmp( str1, str2, len );
 }
 
+/// @deprecated Use strcpy(char *, const char *, dsize_t) instead
 inline char *dStrcpy(char *dst, const char *src)
 {
+   AssertFatal(false, "dStrcpy without length is deprecated");
    return strcpy(dst,src);
+}
+
+inline char *dStrcpy(char *dst, const char *src, dsize_t len)
+{
+#ifdef DEBUG_CHECK_OVERFLOW
+   if (strlen(src) >= len) {
+      AssertWarn(false, "dStrcpy out of range");
+   }
+#endif
+   return strncpy(dst,src,len);
 }   
 
 inline char *dStrncpy(char *dst, const char *src, dsize_t len)

Engine/source/core/tokenizer.cpp

@@ -61,7 +61,7 @@ bool Tokenizer::openFile(const char* pFileName)
       delete pStream;
       return false;
    }
-   dStrcpy(mFileName, pFileName);
+   dStrcpy(mFileName, pFileName, 1024);
 
    mBufferSize = pStream->getStreamSize();
    mpBuffer    = new char[mBufferSize];
@@ -99,7 +99,7 @@ void Tokenizer::setBuffer(const char* buffer, U32 bufferSize)
 
    mBufferSize = bufferSize;
    mpBuffer    = new char[mBufferSize + 1];
-   dStrcpy(mpBuffer, buffer);
+   dStrcpy(mpBuffer, buffer, mBufferSize + 1);
 
    reset();
 
@@ -634,4 +634,4 @@ bool Tokenizer::endOfFile()
       return false;
    else
       return true;
-}
+}

Engine/source/core/util/zip/centralDir.cpp

@@ -178,7 +178,7 @@ void CentralDir::setFileComment(const char *comment)
 {
    SAFE_DELETE_ARRAY(mFileComment);
    mFileComment = new char [dStrlen(comment)+1];
-   dStrcpy(mFileComment, comment);
+   dStrcpy(mFileComment, comment, dStrlen(comment)+1);
 }
 
 //-----------------------------------------------------------------------------

Engine/source/gfx/Null/gfxNullDevice.cpp

@@ -309,7 +309,7 @@ void GFXNullDevice::enumerateAdapters( Vector<GFXAdapter*> &adapterList )
    vm.resolution.set(800,600);
    toAdd->mAvailableModes.push_back(vm);
 
-   dStrcpy(toAdd->mName, "GFX Null Device");
+   dStrcpy(toAdd->mName, "GFX Null Device", GFXAdapter::MaxAdapterNameLen);
 
    adapterList.push_back(toAdd);
 }
@@ -342,4 +342,4 @@ public:
    }
 };
 
-static GFXNullRegisterDevice pNullRegisterDevice;
+static GFXNullRegisterDevice pNullRegisterDevice;

Engine/source/gfx/gfxStructs.cpp

@@ -40,7 +40,7 @@ void GFXVideoMode::parseFromString( const char *str )
 
    // Copy the string, as dStrtok is destructive
    char *tempBuf = new char[dStrlen( str ) + 1];
-   dStrcpy( tempBuf, str );
+   dStrcpy( tempBuf, str, dStrlen(str) + 1 );
 
 #define PARSE_ELEM(type, var, func, tokParam, sep) \
    if(const char *ptr = dStrtok( tokParam, sep)) \
@@ -76,4 +76,4 @@ void GFXShaderMacro::stringize( const Vector<GFXShaderMacro> &macros, String *ou
       }
       (*outString) += ";";
    }
-}
+}

Engine/source/gfx/gl/sdl/gfxGLDevice.sdl.cpp

@@ -128,11 +128,11 @@ void GFXGLDevice::enumerateAdapters( Vector<GFXAdapter*> &adapterList )
 
    if (renderer)
    {
-      dStrcpy(toAdd->mName, renderer);
+      dStrcpy(toAdd->mName, renderer, GFXAdapter::MaxAdapterNameLen);
       dStrcat(toAdd->mName, " OpenGL", GFXAdapter::MaxAdapterNameLen);
    }
    else
-      dStrcpy(toAdd->mName, "OpenGL");
+      dStrcpy(toAdd->mName, "OpenGL", GFXAdapter::MaxAdapterNameLen);
 
    toAdd->mType = OpenGL;
    toAdd->mShaderModel = 0.f;

Engine/source/gfx/gl/win32/gfxGLDevice.win.cpp

@@ -129,11 +129,11 @@ void GFXGLDevice::enumerateAdapters( Vector<GFXAdapter*> &adapterList )
 
    if (renderer)
    {
-      dStrcpy(toAdd->mName, renderer);
+      dStrcpy(toAdd->mName, renderer, GFXAdapter::MaxAdapterNameLen);
       dStrncat(toAdd->mName, " OpenGL", GFXAdapter::MaxAdapterNameLen);
    }
    else
-      dStrcpy(toAdd->mName, "OpenGL");
+      dStrcpy(toAdd->mName, "OpenGL", GFXAdapter::MaxAdapterNameLen);
 
    toAdd->mType = OpenGL;
    toAdd->mShaderModel = 0.f;

Engine/source/gfx/screenshot.cpp

@@ -55,7 +55,7 @@ ScreenShot::ScreenShot()
 
 void ScreenShot::setPending( const char *filename, bool writeJPG, S32 tiles, F32 overlap )
 {
-   dStrcpy( mFilename, filename );
+   dStrcpy( mFilename, filename, 256 );
    mWriteJPG = writeJPG;
    mTiles = getMax( tiles, 1 );
    mPixelOverlap.set(getMin(overlap, 0.25f), getMin(overlap, 0.25f));      

Engine/source/gui/containers/guiFormCtrl.cpp

@@ -218,7 +218,7 @@ bool GuiFormCtrl::resize(const Point2I &newPosition, const Point2I &newExtent)
       S32 strlen = dStrlen((const char*)mCaption);
       for(S32 i=strlen; i>=0; --i)
       {
-         dStrcpy(buf, "");
+         dStrcpy(buf, "", i);
          dStrcat(buf, (const char*)mCaption, i);
          dStrcat(buf, "...", i);
 

Engine/source/gui/controls/guiAnimBitmapCtrl.cpp

@@ -168,7 +168,7 @@ bool guiAnimBitmapCtrl::ptSetFrameRanges(void *object, const char *index, const
       return true;
    }
    char* tokCopy = new char[dStrlen(data) + 1];
-   dStrcpy(tokCopy, data);
+   dStrcpy(tokCopy, data, dStrlen(data) + 1);
 
    char* currTok = dStrtok(tokCopy, " \t");
    while (currTok != NULL)
@@ -291,4 +291,4 @@ void guiAnimBitmapCtrl::onRender(Point2I offset, const RectI &updateRect)
    }
 
    renderChildControls(offset, updateRect);
-}
+}

Engine/source/gui/controls/guiFileTreeCtrl.cpp

@@ -276,7 +276,7 @@ void GuiFileTreeCtrl::recurseInsert( Item* parent, StringTableEntry path )
 
    char szPathCopy [ 1024 ];
    dMemset( szPathCopy, 0, 1024 );
-   dStrcpy( szPathCopy, path );
+   dStrcpy( szPathCopy, path, 1024 );
 
    // Jump over the first character if it's a root /
    char *curPos = szPathCopy;

Engine/source/gui/controls/guiPopUpCtrl.cpp

@@ -566,13 +566,14 @@ void GuiPopUpMenuCtrl::setBitmap( const char *name )
    {
       char buffer[1024];
       char *p;
-      dStrcpy(buffer, name);
+      dStrcpy(buffer, name, 1024);
       p = buffer + dStrlen(buffer);
+      S32 pLen = 1024 - dStrlen(buffer);
 
-      dStrcpy(p, "_n");
+      dStrcpy(p, "_n", pLen);
       mTextureNormal = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureNormal (line %d)", __FUNCTION__, __LINE__) );
 
-      dStrcpy(p, "_d");
+      dStrcpy(p, "_d", pLen);
       mTextureDepressed = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureDepressed (line %d)", __FUNCTION__, __LINE__) );
       if ( !mTextureDepressed )
          mTextureDepressed = mTextureNormal;
@@ -637,7 +638,7 @@ void GuiPopUpMenuCtrl::addEntry( const char *buf, S32 id, U32 scheme )
       mIdMax = id;
 
    Entry e;
-   dStrcpy( e.buf, buf );
+   dStrcpy( e.buf, buf, 256 );
    e.id = id;
    e.scheme = scheme;
 

Engine/source/gui/controls/guiPopUpCtrlEx.cpp

@@ -771,13 +771,14 @@ void GuiPopUpMenuCtrlEx::setBitmap(const char *name)
    {
       char buffer[1024];
       char *p;
-      dStrcpy(buffer, name);
+      dStrcpy(buffer, name, 1024);
       p = buffer + dStrlen(buffer);
+      S32 pLen = 1024 - dStrlen(buffer);
 
-      dStrcpy(p, "_n");
+      dStrcpy(p, "_n", pLen);
       mTextureNormal = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureNormal (line %d)", __FUNCTION__, __LINE__) );
 
-      dStrcpy(p, "_d");
+      dStrcpy(p, "_d", pLen);
       mTextureDepressed = GFXTexHandle( (StringTableEntry)buffer, &GFXDefaultGUIProfile, avar("%s() - mTextureDepressed (line %d)", __FUNCTION__, __LINE__) );
       if ( !mTextureDepressed )
          mTextureDepressed = mTextureNormal;
@@ -840,7 +841,7 @@ void GuiPopUpMenuCtrlEx::addEntry(const char *buf, S32 id, U32 scheme)
       mIdMax = id;
 
    Entry e;
-   dStrcpy( e.buf, buf );
+   dStrcpy( e.buf, buf, 256 );
    e.id = id;
    e.scheme = scheme;
 

Engine/source/gui/controls/guiTabPageCtrl.cpp

@@ -50,7 +50,7 @@ GuiTabPageCtrl::GuiTabPageCtrl(void)
 {
    setExtent(Point2I(100, 200));
    mFitBook = false;
-   dStrcpy(mText,(UTF8*)"TabPage");
+   dStrcpy(mText,(UTF8*)"TabPage", MAX_STRING_LENGTH);
    mActive = true;
    mIsContainer = true;
 }

Engine/source/gui/controls/guiTreeViewCtrl.cpp

@@ -4754,15 +4754,15 @@ StringTableEntry GuiTreeViewCtrl::getTextToRoot( S32 itemId, const char * delimi
    dMemset( bufferOne, 0, sizeof(bufferOne) );
    dMemset( bufferTwo, 0, sizeof(bufferTwo) );
 
-   dStrcpy( bufferOne, item->getText() );
+   dStrcpy( bufferOne, item->getText(), 1024 );
 
    Item *prevNode = item->mParent;
    while ( prevNode )
    {
       dMemset( bufferNodeText, 0, sizeof(bufferNodeText) );
-      dStrcpy( bufferNodeText, prevNode->getText() );
+      dStrcpy( bufferNodeText, prevNode->getText(), 128 );
       dSprintf( bufferTwo, 1024, "%s%s%s",bufferNodeText, delimiter, bufferOne );
-      dStrcpy( bufferOne, bufferTwo );
+      dStrcpy( bufferOne, bufferTwo, 1024 );
       dMemset( bufferTwo, 0, sizeof(bufferTwo) );
       prevNode = prevNode->mParent;
    }
@@ -5570,4 +5570,4 @@ DefineEngineMethod(GuiTreeViewCtrl, getItemAtPosition, S32, (Point2I position),
    "@return The id of the item under the position.")
 {
    return object->getItemAtPosition(position);
-}
+}

Engine/source/gui/core/guiControl.cpp

@@ -2570,7 +2570,7 @@ DefineEngineMethod( GuiControl, findHitControls, const char*, ( S32 x, S32 y, S3
       return "";
    
    char* buffer = Con::getReturnBuffer( s.size() );
-   dStrcpy( buffer, s.c_str() );
+   dStrcpy( buffer, s.c_str(), s.size() );
    
    return buffer;
 }

Engine/source/gui/editor/guiDebugger.cpp

@@ -431,7 +431,7 @@ bool DbgFileView::findMouseOverVariable()
    {
       S32 stringPosition = pt.x - gFileXOffset;
       char tempBuf[256], *varNamePtr = &tempBuf[1];
-      dStrcpy(tempBuf, mFileView[cell.y].text);
+      dStrcpy(tempBuf, mFileView[cell.y].text, 256);
 
       //find the current mouse over char
       S32 charNum = findMouseOverChar(mFileView[cell.y].text, stringPosition);
@@ -526,7 +526,7 @@ void DbgFileView::onPreRender()
 {
 	setUpdate();
    char oldVar[256];
-   dStrcpy(oldVar, mMouseOverVariable);
+   dStrcpy(oldVar, mMouseOverVariable, 256);
    bool found = findMouseOverVariable();
    if (found && mPCCurrentLine >= 0)
    {
@@ -685,7 +685,7 @@ void DbgFileView::onRenderCell(Point2I offset, Point2I cell, bool selected, bool
       {
          S32 startPos, endPos;
          char tempBuf[256];
-         dStrcpy(tempBuf, mFileView[cell.y].text);
+         dStrcpy(tempBuf, mFileView[cell.y].text, 256);
 
          //get the end coord
          tempBuf[mBlockEnd] = '\0';

Engine/source/gui/editor/guiEditCtrl.cpp

@@ -2626,7 +2626,7 @@ DefineConsoleMethod( GuiEditCtrl, getSelectionGlobalBounds, const char*, (), , "
    String str = String::ToString( "%i %i %i %i", bounds.point.x, bounds.point.y, bounds.extent.x, bounds.extent.y );
    
    char* buffer = Con::getReturnBuffer( str.length() );
-   dStrcpy( buffer, str.c_str() );
+   dStrcpy( buffer, str.c_str(), str.length() );
    
    return buffer;
 }

Engine/source/gui/editor/guiFilterCtrl.cpp

@@ -239,7 +239,7 @@ void Filter::set(S32 argc, const char *argv[])
    if (argc == 1)
    {  // in the form of one string "1.0 1.0 1.0"
       char list[1024];
-      dStrcpy(list, *argv);    // strtok modifies the string so we need to copy it
+      dStrcpy(list, *argv, 1024);    // strtok modifies the string so we need to copy it
       char *value = dStrtok(list, " ");
       while (value)
       {

Engine/source/gui/utility/messageVector.cpp

@@ -500,7 +500,7 @@ void MessageVector::insertLine(const U32   position,
 
    U32 len = dStrlen(newMessage) + 1;
    char* copy = new char[len];
-   dStrcpy(copy, newMessage);
+   dStrcpy(copy, newMessage, len);
 
    mMessageLines.insert(position);
    mMessageLines[position].message    = copy;

Engine/source/i18n/lang.cpp

@@ -43,7 +43,7 @@ LangFile::LangFile(const UTF8 *langName /* = NULL */)
 	if(langName)
 	{
 		mLangName = new UTF8 [dStrlen(langName) + 1];
-		dStrcpy(mLangName, langName);
+		dStrcpy(mLangName, langName, dStrlen(langName) + 1);
 	}
 	else
 		mLangName = NULL;
@@ -137,7 +137,7 @@ const UTF8 * LangFile::getString(U32 id)
 U32 LangFile::addString(const UTF8 *str)
 {
 	UTF8 *newstr = new UTF8 [dStrlen(str) + 1];
-	dStrcpy(newstr, str);
+	dStrcpy(newstr, str, dStrlen(str) + 1);
 	mStringTable.push_back(newstr);
 	return mStringTable.size() - 1;
 }
@@ -157,7 +157,7 @@ void LangFile::setString(U32 id, const UTF8 *str)
    SAFE_DELETE_ARRAY(mStringTable[id]);
 
 	UTF8 *newstr = new UTF8 [dStrlen(str) + 1];
-	dStrcpy(newstr, str);
+	dStrcpy(newstr, str, dStrlen(str) + 1);
 	mStringTable[id] = newstr;
 }
 
@@ -167,7 +167,7 @@ void LangFile::setLangName(const UTF8 *newName)
 		delete [] mLangName;
 	
 	mLangName = new UTF8 [dStrlen(newName) + 1];
-	dStrcpy(mLangName, newName);
+	dStrcpy(mLangName, newName, dStrlen(newName) + 1);
 }
 
 void LangFile::setLangFile(const UTF8 *langFile)
@@ -176,7 +176,7 @@ void LangFile::setLangFile(const UTF8 *langFile)
 		delete [] mLangFile;
 	
 	mLangFile = new UTF8 [dStrlen(langFile) + 1];
-	dStrcpy(mLangFile, langFile);
+	dStrcpy(mLangFile, langFile, dStrlen(langFile) + 1);
 }
 
 bool LangFile::activateLanguage()
@@ -350,7 +350,7 @@ DefineConsoleMethod(LangTable, getString, const char *, (U32 id), ,
 	if(str != NULL)
 	{
 		char * ret = Con::getReturnBuffer(dStrlen(str) + 1);
-		dStrcpy(ret, str);
+		dStrcpy(ret, str, dStrlen(str) + 1);
 		return ret;
 	}
 	
@@ -388,7 +388,7 @@ DefineConsoleMethod(LangTable, getLangName, const char *, (S32 langId), , "(int
 	if(str != NULL)
 	{
 		char * ret = Con::getReturnBuffer(dStrlen(str) + 1);
-		dStrcpy(ret, str);
+		dStrcpy(ret, str, dStrlen(str) + 1);
 		return ret;
 	}
 	
@@ -414,7 +414,7 @@ UTF8 *sanitiseVarName(const UTF8 *varName, UTF8 *buffer, U32 bufsize)
 		return NULL;
 	}
 	
-	dStrcpy(buffer, (const UTF8*)"I18N::");
+	dStrcpy(buffer, (const UTF8*)"I18N::", bufsize);
 	
 	UTF8 *dptr = buffer + 6;
 	const UTF8 *sptr = varName;
@@ -575,4 +575,4 @@ ConsoleFunction(CompileLanguage, void, 2, 3, "(string inputFile, [bool createMap
          delete mapStream;
    }
 }
-//end lang_ localization
+//end lang_ localization

Engine/source/materials/materialDefinition.cpp

@@ -654,33 +654,33 @@ DefineConsoleMethod( Material, getAnimFlags, const char*, (U32 id), , "" )
    if(object->mAnimFlags[ id ] & Material::Scroll)
    {
 	   if(dStrcmp( animFlags, "" ) == 0)
-	      dStrcpy( animFlags, "$Scroll" );
+	      dStrcpy( animFlags, "$Scroll", 512 );
    }
    if(object->mAnimFlags[ id ] & Material::Rotate)
    {
 	   if(dStrcmp( animFlags, "" ) == 0)
-	      dStrcpy( animFlags, "$Rotate" );
+	      dStrcpy( animFlags, "$Rotate", 512 );
 	   else
 			dStrcat( animFlags, " | $Rotate", 512);
    }
    if(object->mAnimFlags[ id ] & Material::Wave)
    {
 	   if(dStrcmp( animFlags, "" ) == 0)
-	      dStrcpy( animFlags, "$Wave" );
+	      dStrcpy( animFlags, "$Wave", 512 );
 	   else
 			dStrcat( animFlags, " | $Wave", 512);
    }
    if(object->mAnimFlags[ id ] & Material::Scale)
    {
 	   if(dStrcmp( animFlags, "" ) == 0)
-	      dStrcpy( animFlags, "$Scale" );
+	      dStrcpy( animFlags, "$Scale", 512 );
 	   else
 			dStrcat( animFlags, " | $Scale", 512);
    }
    if(object->mAnimFlags[ id ] & Material::Sequence)
    {
 	   if(dStrcmp( animFlags, "" ) == 0)
-	      dStrcpy( animFlags, "$Sequence" );
+	      dStrcpy( animFlags, "$Sequence", 512 );
 	   else
 			dStrcat( animFlags, " | $Sequence", 512);
    }

Engine/source/module/moduleDefinition.h

@@ -254,11 +254,11 @@ protected:
             for ( U32 dependencyIndex = 0; dependencyIndex < dependencyWordCount; ++dependencyIndex )
             {
                 // Fetch slot.
-                dStrcpy( slotUnit, StringUnit::getUnit( pDependencyValue, dependencyIndex, "," ) );
+                dStrcpy( slotUnit, StringUnit::getUnit( pDependencyValue, dependencyIndex, "," ), 256 );
         
                 // Fetch slot name and value.
-                dStrcpy( slotName, StringUnit::getUnit( slotUnit, 0, "=" ) );
-                dStrcpy( slotValue, StringUnit::getUnit( slotUnit, 1, "=" ) );
+                dStrcpy( slotName, StringUnit::getUnit( slotUnit, 0, "=" ), 256 );
+                dStrcpy( slotValue, StringUnit::getUnit( slotUnit, 1, "=" ), 256 );
 
                 // Fetch module Id.
                 StringTableEntry moduleId = StringTable->insert( slotName );

Engine/source/module/moduleManager.cpp

@@ -74,7 +74,7 @@ ModuleManager::ModuleManager() :
     mIgnoreLoadedGroups(false)
 {
     // Set module extension.
-    dStrcpy( mModuleExtension, MODULE_MANAGER_MODULE_DEFINITION_EXTENSION );
+    dStrcpy( mModuleExtension, MODULE_MANAGER_MODULE_DEFINITION_EXTENSION, 256 );
 }
 
 //-----------------------------------------------------------------------------
@@ -155,7 +155,7 @@ bool ModuleManager::setModuleExtension( const char* pExtension )
     }
 
     // Set module extension.
-    dStrcpy( mModuleExtension, pExtension );
+    dStrcpy( mModuleExtension, pExtension, 256 );
 
     return true;
 }

Engine/source/persistence/taml/taml.cpp

@@ -708,7 +708,7 @@ ImplementEnumType(_TamlFormatMode,
 
             U32 nBufferSize = dStrlen(pFieldValue) + 1;
             FrameTemp<char> valueCopy(nBufferSize);
-            dStrcpy((char *)valueCopy, pFieldValue);
+            dStrcpy((char *)valueCopy, pFieldValue, nBufferSize);
 
             // Skip if field should not be written.
             if (!pSimObject->writeField(fieldName, valueCopy))
@@ -1547,4 +1547,4 @@ ImplementEnumType(_TamlFormatMode,
       TiXmlElement* pAnyElement = new TiXmlElement("xs:any");
       pAnyElement->SetAttribute("processContents", "skip");
       pSequenceElement->LinkEndChild(pAnyElement);
-   }
+   }

Engine/source/persistence/taml/tamlCustom.cpp

@@ -53,7 +53,7 @@ void TamlCustomField::set( const char* pFieldName, const char* pFieldValue )
     }
 #endif
     // Copy field value.
-    dStrcpy( mFieldValue, pFieldValue );
+    dStrcpy( mFieldValue, pFieldValue, MAX_TAML_NODE_FIELDVALUE_LENGTH );
 }
 
 //-----------------------------------------------------------------------------

Engine/source/persistence/taml/tamlCustom.h

@@ -334,7 +334,7 @@ public:
         // Sanity!
         AssertFatal( fieldNameLength < sizeof(fieldNameBuffer), "TamlCustomField: Field name is too long." );
 
-        dStrcpy( fieldNameBuffer, mFieldName );
+        dStrcpy( fieldNameBuffer, mFieldName, 1024 );
         fieldNameBuffer[fieldNameLength-1] = 0;
         StringTableEntry fieldName = StringTable->insert( fieldNameBuffer );
 
@@ -782,4 +782,4 @@ private:
     TamlCustomNodeVector mNodes;
 };
 
-#endif // _TAML_CUSTOM_H_
+#endif // _TAML_CUSTOM_H_

Engine/source/persistence/taml/tamlWriteNode.h

@@ -54,7 +54,7 @@ public:
 
             // Allocate and copy the value.
             mpValue = new char[ dStrlen(pValue)+1 ];
-            dStrcpy( (char *)mpValue, pValue );
+            dStrcpy( (char *)mpValue, pValue, dStrlen(pValue) + 1 );
         }
         
 
@@ -113,4 +113,4 @@ public:
     TamlCustomNodes             mCustomNodes;
 };
 
-#endif // _TAML_WRITE_NODE_H_
+#endif // _TAML_WRITE_NODE_H_

Engine/source/platform/nativeDialogs/fileDialog.cpp

@@ -433,7 +433,7 @@ bool FileDialog::setDefaultPath(void *object, const char *index, const char *dat
 
    // Copy and Backslash the path (Windows dialogs are VERY picky about this format)
    static char szPathValidate[512];
-   dStrcpy(szPathValidate, data);
+   dStrcpy(szPathValidate, data, 512);
 
    Platform::makeFullPathName(data, szPathValidate, sizeof(szPathValidate));
    //backslash( szPathValidate );

Engine/source/platform/platformFileIO.cpp

@@ -534,7 +534,7 @@ StringTableEntry Platform::makeRelativePathName(const char *path, const char *to
 
       // Copy the rest
       if(*branch)
-         dStrcpy(bufPtr, branch + 1);
+         dStrcpy(bufPtr, branch + 1, temp.size - (bufPtr - temp.ptr));
       else
          *--bufPtr = 0;
 

Engine/source/platform/platformMemory.cpp

@@ -1130,7 +1130,7 @@ static void logFree(const AllocatedHeader* hdr)
 
 void enableLogging(const char* fileName)
 {
-   dStrcpy(gLogFilename, fileName);
+   dStrcpy(gLogFilename, fileName, 256);
    if (!gEnableLogging)
    {
       gEnableLogging = true;

Engine/source/platform/platformNet.cpp

@@ -280,7 +280,7 @@ namespace PlatformNetState
       if (addressString[0] == '[')
       {
          // Must be ipv6 notation
-         dStrcpy(outAddress, addressString+1);
+         dStrcpy(outAddress, addressString+1, 256);
          addressString = outAddress;
 
          portString = dStrchr(outAddress, ']');
@@ -305,7 +305,7 @@ namespace PlatformNetState
       }
       else
       {
-         dStrcpy(outAddress, addressString);
+         dStrcpy(outAddress, addressString, 256);
          addressString = outAddress;
 
          // Check to see if we have multiple ":" which would indicate this is an ipv6 address
@@ -546,7 +546,7 @@ static PolledSocket* addPolledSocket(NetSocket handleFd, SOCKET fd, S32 state,
    sock->handleFd = handleFd;
    sock->state = state;
    if (remoteAddr)
-      dStrcpy(sock->remoteAddr, remoteAddr);
+      dStrcpy(sock->remoteAddr, remoteAddr, 256);
    if (port != -1)
       sock->remotePort = port;
    gPolledSockets.push_back(sock);

Engine/source/platform/platformRedBook.cpp

@@ -94,7 +94,7 @@ void RedBook::setLastError(const char * error)
    if(!error || dStrlen(error) >= sizeof(smLastError))
       setLastError("Invalid error string passed");
    else
-      dStrcpy(smLastError, error);
+      dStrcpy(smLastError, error, 1024);
 }
 
 const char * RedBook::getLastError()

Engine/source/platform/profiler.cpp

@@ -328,9 +328,9 @@ const char * Profiler::constructProfilePath(ProfilerData * pd)
 
       U32 mark = FrameAllocator::getWaterMark();
       char * buf = (char*)FrameAllocator::alloc(len+1);
-      dStrcpy(buf,pd->mParent->mPath);
-      dStrcat(buf,connector,len);
-      dStrcat(buf,pd->mRoot->mName,len);
+      dStrcpy(buf,pd->mParent->mPath,len+1);
+      dStrcat(buf,connector,len+1);
+      dStrcat(buf,pd->mRoot->mName,len+1);
       const char * ret = StringTable->insert(buf);
       FrameAllocator::setWaterMark(mark);
       
@@ -433,7 +433,7 @@ void Profiler::dumpToFile(const char* fileName)
    AssertFatal(dStrlen(fileName) < DumpFileNameLength, "Error, dump filename too long");
    mDumpToFile = true;
    mDumpToConsole = false;
-   dStrcpy(mDumpFileName, fileName);
+   dStrcpy(mDumpFileName, fileName, DumpFileNameLength);
 }
 
 void Profiler::hashPop(ProfilerRootData *expected)
@@ -645,11 +645,11 @@ void Profiler::dump()
       AssertFatal(success, "Cannot write profile dump to specified file!");
          char buffer[1024];
 
-         dStrcpy(buffer, "Profiler Data Dump:\n");
+         dStrcpy(buffer, "Profiler Data Dump:\n", 1024);
          fws.write(dStrlen(buffer), buffer);
-         dStrcpy(buffer, "Ordered by non-sub total time -\n");
+         dStrcpy(buffer, "Ordered by non-sub total time -\n", 1024);
          fws.write(dStrlen(buffer), buffer);
-         dStrcpy(buffer, "%%NSTime  %% Time  Invoke #  Name\n");
+         dStrcpy(buffer, "%%NSTime  %% Time  Invoke #  Name\n", 1024);
          fws.write(dStrlen(buffer), buffer);
 
          for(U32 i = 0; i < rootVector.size(); i++)
@@ -665,9 +665,9 @@ void Profiler::dump()
             rootVector[i]->mTotalTime = 0;
             rootVector[i]->mSubTime = 0;
          }
-         dStrcpy(buffer, "\nOrdered by non-sub total time -\n");
+         dStrcpy(buffer, "\nOrdered by non-sub total time -\n", 1024);
          fws.write(dStrlen(buffer), buffer);
-         dStrcpy(buffer, "%%NSTime  %% Time  Invoke #  Name\n");
+         dStrcpy(buffer, "%%NSTime  %% Time  Invoke #  Name\n", 1024);
          fws.write(dStrlen(buffer), buffer);
 
       mCurrentProfilerData->mTotalTime = endHighResolutionTimer(mCurrentProfilerData->mStartTime);

Engine/source/platformMac/macFileIO.mm

@@ -894,7 +894,7 @@ static bool recurseDumpDirectories(const char *basePath, const char *subPath, Ve
          {
             char child[1024];
             if ( (basePath[dStrlen(basePath) - 1]) == '/')
-               dStrcpy (child, d->d_name);
+               dStrcpy (child, d->d_name, 1024);
             else
                dSprintf(child, 1024, "/%s", d->d_name);
             if (currentDepth < recurseDepth || recurseDepth == -1)

Engine/source/platformWin32/minidump/winMiniDump.cpp

@@ -144,7 +144,7 @@ INT CreateMiniDump( LPEXCEPTION_POINTERS ExceptionInfo)
 
    //copy over the pdb file
    char pdbName[1024];
-   dStrcpy(pdbName, exeName);	
+   dStrcpy(pdbName, exeName, 1024);	
    dStrncat(pdbName, ".pdb", 4);
    dSprintf(fromFile, 2048, "%s/%s", Platform::getCurrentDirectory(), pdbName );
    dSprintf(fileName, 2048, "%s/%s", crashPath, pdbName );

Engine/source/platformWin32/nativeDialogs/fileDialog.cpp

@@ -142,7 +142,7 @@ static UINT_PTR CALLBACK FolderHookProc(HWND hdlg, UINT uMsg, WPARAM wParam, LPA
 #ifdef UNICODE
                      convertUTF16toUTF8(buf, filePath);
 #else
-                     dStrcpy( filePath, buf );
+                     dStrcpy( filePath, buf, MAX_PATH );
 #endif
 
                      // [tom, 12/8/2006] Hack to remove files from the list because
@@ -333,8 +333,8 @@ bool FileDialog::Execute()
    char pszFile[MAX_PATH];
    char pszFilter[1024];
    char pszFileTitle[MAX_PATH];
-   dStrcpy( pszFile, mData.mDefaultFile );
-   dStrcpy( pszFilter, mData.mFilters );
+   dStrcpy( pszFile, mData.mDefaultFile, MAX_PATH );
+   dStrcpy( pszFilter, mData.mFilters, 1024 );
    const char* pszInitialDir = mData.mDefaultPath;
    const char* pszTitle = mData.mTitle;
    
@@ -447,7 +447,7 @@ bool FileDialog::Execute()
       convertUTF16toUTF8DoubleNULL( (UTF16*)pszFile, (UTF8*)pszResult, sizeof(pszResult));
 #else
    if(pszFileTitle[0] || ! ( mData.mStyle & FileDialogData::FDS_OPEN && mData.mStyle & FileDialogData::FDS_MULTIPLEFILES ))
-      dStrcpy(pszResult,pszFile);
+      dStrcpy(pszResult,pszFile,MAX_PATH);
    else
    {
       // [tom, 1/4/2007] pszResult is a double-NULL terminated, NULL separated list in this case so we can't just dSstrcpy()
@@ -614,7 +614,7 @@ bool FileDialog::setDefaultPath( void *object, const char *index, const char *da
 
    // Copy and Backslash the path (Windows dialogs are VERY picky about this format)
    static char szPathValidate[512];
-   dStrcpy( szPathValidate, data );
+   dStrcpy( szPathValidate, data, 512 );
 
    Platform::makeFullPathName( data,szPathValidate, sizeof(szPathValidate));
    backslash( szPathValidate );

Engine/source/platformWin32/winDInputDevice.cpp

@@ -1576,7 +1576,7 @@ const char* DInputDevice::getJoystickAxesString()
    }
 
    char* returnString = Con::getReturnBuffer( dStrlen( buf ) + 1 );
-   dStrcpy( returnString, buf );
+   dStrcpy( returnString, buf, dStrlen(buf) + 1 );
    return( returnString );
 }
 

Engine/source/platformWin32/winFileio.cpp

@@ -56,7 +56,7 @@ bool dFileDelete(const char * name)
 #ifdef UNICODE
    convertUTF8toUTF16N( name, buf, buf.size );
 #else
-   dStrcpy( buf, name );
+   dStrcpy( buf, name, buf.size );
 #endif
 
    backslash( buf );
@@ -88,8 +88,8 @@ bool dFileRename(const char *oldName, const char *newName)
    convertUTF8toUTF16N( oldName, oldf, oldf.size );
    convertUTF8toUTF16N( newName, newf, newf.size );
 #else
-   dStrcpy(oldf, oldName);
-   dStrcpy(newf, newName);
+   dStrcpy(oldf, oldName, oldf.size);
+   dStrcpy(newf, newName, newf.size);
 #endif
    backslash(oldf);
    backslash(newf);
@@ -106,7 +106,7 @@ bool dFileTouch(const char * name)
 #ifdef UNICODE
    convertUTF8toUTF16N( name, buf, buf.size );
 #else
-   dStrcpy( buf, name );
+   dStrcpy( buf, name, buf.size );
 #endif
 
    backslash( buf );
@@ -133,8 +133,8 @@ bool dPathCopy(const char *fromName, const char *toName, bool nooverwrite)
    convertUTF8toUTF16N( fromName, from, from.size );
    convertUTF8toUTF16N( toName, to, to.size );
 #else
-   dStrcpy( from, fromName );
-   dStrcpy( to, toName );
+   dStrcpy( from, fromName, from.size );
+   dStrcpy( to, toName, to.size );
 #endif
 
    backslash( from );
@@ -270,7 +270,7 @@ File::FileStatus File::open(const char *filename, const AccessMode openMode)
 #ifdef UNICODE
    convertUTF8toUTF16N( filename, fname, fname.size );
 #else
-   dStrcpy(fname, filename);
+   dStrcpy(fname, filename, fname.size);
 #endif
    backslash( fname );
 
@@ -679,7 +679,7 @@ bool Platform::getFileTimes(const char *filePath, FileTime *createTime, FileTime
 #ifdef UNICODE
    convertUTF8toUTF16N( filePath, fp, fp.size );
 #else
-   dStrcpy( fp, filePath );
+   dStrcpy( fp, filePath, fp.size );
 #endif
 
    backslash( fp );
@@ -834,7 +834,7 @@ bool Platform::setCurrentDirectory(StringTableEntry newDir)
 #ifdef UNICODE
    convertUTF8toUTF16N( newDir, buf, buf.size - 1 );
 #else
-   dStrcpy( buf, newDir );
+   dStrcpy( buf, newDir, buf.size );
 #endif
 
    backslash( buf );
@@ -949,7 +949,7 @@ bool Platform::isFile(const char *pFilePath)
 #ifdef UNICODE
    convertUTF8toUTF16N( pFilePath, buf, buf.size );
 #else
-   dStrcpy( buf, pFilePath );
+   dStrcpy( buf, pFilePath, buf.size );
 #endif
    backslash( buf );
 
@@ -988,7 +988,7 @@ S32 Platform::getFileSize(const char *pFilePath)
 #ifdef UNICODE
    convertUTF8toUTF16N( pFilePath, buf, buf.size );
 #else
-   dStrcpy( buf, pFilePath );
+   dStrcpy( buf, pFilePath, buf.size );
 #endif
    backslash( buf );
 
@@ -1025,7 +1025,7 @@ bool Platform::isDirectory(const char *pDirPath)
 #ifdef UNICODE
    convertUTF8toUTF16N( pDirPath, buf, buf.size );
 #else
-   dStrcpy( buf, pDirPath );
+   dStrcpy( buf, pDirPath, buf.size );
 #endif
    backslash( buf );
 
@@ -1072,8 +1072,8 @@ bool Platform::isSubDirectory(const char *pParent, const char *pDir)
    convertUTF8toUTF16N( fileName, file, file.size );
    convertUTF8toUTF16N( pDir, dir, dir.size );
 #else
-   dStrcpy( file, fileName );
-   dStrcpy( dir, pDir );
+   dStrcpy( file, fileName, file.size );
+   dStrcpy( dir, pDir, dir.size );
 #endif
 
    backslash( file );
@@ -1257,7 +1257,7 @@ bool Platform::hasSubDirectory(const char *pPath)
    // Compose our search string - Format : ([path]/[subpath]/*)
    char trail = pPath[ dStrlen(pPath) - 1 ];
    if( trail == '/' )
-      dStrcpy( searchBuf, pPath );
+      dStrcpy( searchBuf, pPath, 1024 );
    else
       dSprintf(searchBuf, 1024, "%s/*", pPath );
 

Engine/source/platformWin32/winRedbook.cpp

@@ -84,7 +84,7 @@ void installRedBookDevices()
       {
          Win32RedBookDevice * device = new Win32RedBookDevice;
          device->mDeviceName = new char[dStrlen(str) + 1];
-         dStrcpy(device->mDeviceName, str);
+         dStrcpy(device->mDeviceName, str, dStrlen(str) + 1);
 
          RedBook::installDevice(device);
       }

Engine/source/platformWin32/winWindow.cpp

@@ -606,7 +606,7 @@ const char* Platform::getLoginPassword()
       if ( RegQueryValueEx( regKey, dT("LoginPassword"), NULL, NULL, buf, &size ) == ERROR_SUCCESS )
       {
          returnString = Con::getReturnBuffer( size + 1 );
-         dStrcpy( returnString, (const char*) buf );
+         dStrcpy( returnString, (const char*) buf, size + 1 );
       }
 
       RegCloseKey( regKey );

Engine/source/sfx/openal/sfxALProvider.cpp

@@ -114,7 +114,7 @@ void SFXALProvider::init()
          dSprintf( temp, sizeof( temp ), "[EAX %d.0] %s", eax, ( mALDL->IsExtensionSupported( i, SFXALEAXRAM ) ? "EAX-RAM" : "" ) );
       }
       else
-         dStrcpy( temp, "" );
+         dStrcpy( temp, "", 256 );
 
       info->driver = String::ToString( deviceFormat, major, minor, temp );
       info->hasHardware = eax > 0;
@@ -144,4 +144,4 @@ SFXDevice *SFXALProvider::createDevice( const String& deviceName, bool useHardwa
       return new SFXALDevice( this, mOpenAL, info->name, useHardware, maxBuffers );
 
    return NULL;
-}
+}

Engine/source/shaderGen/GLSL/shaderCompGLSL.cpp

@@ -142,7 +142,7 @@ void AppVertConnectorGLSL::sortVars()
 
 void AppVertConnectorGLSL::setName( char *newName )
 {
-   dStrcpy( (char*)mName, newName );
+   dStrcpy( (char*)mName, newName, 32 );
 }
 
 void AppVertConnectorGLSL::reset()
@@ -287,7 +287,7 @@ void VertPixelConnectorGLSL::sortVars()
 
 void VertPixelConnectorGLSL::setName( char *newName )
 {
-   dStrcpy( (char*)mName, newName );
+   dStrcpy( (char*)mName, newName, 32 );
 }
 
 void VertPixelConnectorGLSL::reset()

Engine/source/shaderGen/langElement.cpp

@@ -87,7 +87,7 @@ U32 Var::texUnitCount = 0;
 
 Var::Var()
 {
-   dStrcpy( (char*)type, "float4" );
+   dStrcpy( (char*)type, "float4", 32 );
    structName[0] = '\0';
    connectName[0] = '\0';
    constSortPos = cspUninit;
@@ -209,4 +209,4 @@ void MultiLine::print( Stream &stream )
    {
       mStatementList[i]->print( stream );
    }
-} 
+} 

Engine/source/shaderGen/shaderGen.cpp

@@ -153,8 +153,8 @@ void ShaderGen::generateShader( const MaterialFeatureData &featureData,
    dSprintf( vertShaderName, sizeof(vertShaderName), "shadergen:/%s_V.%s", cacheName, mFileEnding.c_str() );
    dSprintf( pixShaderName, sizeof(pixShaderName), "shadergen:/%s_P.%s", cacheName, mFileEnding.c_str() );
    
-   dStrcpy( vertFile, vertShaderName );
-   dStrcpy( pixFile, pixShaderName );   
+   dStrcpy( vertFile, vertShaderName, 256 );
+   dStrcpy( pixFile, pixShaderName, 256 );
    
    // this needs to change - need to optimize down to ps v.1.1
    *pixVersion = GFX->getPixelShaderVersion();

Engine/source/sim/actionMap.cpp

@@ -245,7 +245,7 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const
       else
       {
          // IMPORTANT -- do NOT change the following line, it identifies the file as an input map file
-         dStrcpy( lineBuffer, "// Torque Input Map File\n" );
+         dStrcpy( lineBuffer, "// Torque Input Map File\n", 1024 );
          iostrm->write( dStrlen( lineBuffer ), lineBuffer );
       }
 
@@ -453,7 +453,7 @@ void ActionMap::dumpActionMap(const char* fileName, const bool append) const
 bool ActionMap::createEventDescriptor(const char* pEventString, EventDescriptor* pDescriptor)
 {
    char copyBuffer[256];
-   dStrcpy(copyBuffer, pEventString);
+   dStrcpy(copyBuffer, pEventString, 256);
 
    // Do we have modifiers?
    char* pSpace = dStrchr(copyBuffer, ' ');
@@ -909,7 +909,7 @@ const char* ActionMap::getDeadZone( const char* device, const char* action )
                char buf[64];
                dSprintf( buf, sizeof( buf ), "%g %g", mapNode->deadZoneBegin, mapNode->deadZoneEnd );
                char* returnString = Con::getReturnBuffer( dStrlen( buf ) + 1 );
-               dStrcpy( returnString, buf );
+               dStrcpy( returnString, buf, dStrlen(buf) + 1 );
                return( returnString );
             }
             else
@@ -995,7 +995,7 @@ bool ActionMap::getDeviceName(const U32 deviceType, const U32 deviceInstance, ch
 {
    switch (deviceType) {
      case KeyboardDeviceType:
-      dStrcpy(buffer, "keyboard");
+      dStrcpy(buffer, "keyboard", 16);
       break;
 
      case MouseDeviceType:
@@ -1135,7 +1135,7 @@ bool ActionMap::getKeyString(const U32 action, char* buffer)
       for (U32 i = 0; gAsciiMap[i].asciiCode != 0xFFFF; i++) {
          if (gAsciiMap[i].asciiCode == asciiCode)
          {
-            dStrcpy(buffer, gAsciiMap[i].pDescription);
+            dStrcpy(buffer, gAsciiMap[i].pDescription, 16);
             return true;
          }
       }
@@ -1166,7 +1166,7 @@ bool ActionMap::getKeyString(const U32 action, char* buffer)
       const char* desc = INPUTMGR->findVirtualMapDescFromCode(action);
       if(desc)
       {
-         dStrcpy(buffer, desc);
+         dStrcpy(buffer, desc, 16);
          return true;
       }
    }

Engine/source/sim/netDownload.cpp

@@ -53,7 +53,7 @@ public:
 
          for(U32 i = 0; i < nameCount; i++)
          {
-            dStrcpy(mFileNames[i], (*nameList)[i]);
+            dStrcpy(mFileNames[i], (*nameList)[i], 256);
             //Con::printf("Sending request for file %s", mFileNames[i]);
          }
       }

Engine/source/sim/netStringTable.cpp

@@ -97,7 +97,7 @@ U32 NetStringTable::addString(const char *string)
    }
    table[e].refCount++;
    table[e].string = (char *) allocator->alloc(dStrlen(string) + 1);
-   dStrcpy(table[e].string, string);
+   dStrcpy(table[e].string, string, dStrlen(string) + 1);
    table[e].next = hashTable[bucket];
    hashTable[bucket] = e;
    table[e].link = firstValid;
@@ -179,7 +179,7 @@ void NetStringTable::repack()
 
 
       table[walk].string = (char *) newAllocator->alloc(dStrlen(prevStr) + 1);
-      dStrcpy(table[walk].string, prevStr);
+      dStrcpy(table[walk].string, prevStr, dStrlen(prevStr) + 1);
    }
    delete allocator;
    allocator = newAllocator;

Engine/source/terrain/terrData.cpp

@@ -1303,7 +1303,7 @@ DefineEngineMethod( TerrainBlock, save, bool, ( const char* fileName),,
 				   "@return True if file save was successful, false otherwise")
 {
 	char filename[256];
-	dStrcpy(filename,fileName);
+	dStrcpy(filename,fileName,256);
    char *ext = dStrrchr(filename, '.');
    if (!ext || dStricmp(ext, ".ter") != 0)
       dStrcat(filename, ".ter", 256);
@@ -1313,7 +1313,7 @@ DefineEngineMethod( TerrainBlock, save, bool, ( const char* fileName),,
 //ConsoleMethod(TerrainBlock, save, bool, 3, 3, "(string fileName) - saves the terrain block's terrain file to the specified file name.")
 //{
 //   char filename[256];
-//   dStrcpy(filename,argv[2]);
+//   dStrcpy(filename,argv[2],256);
 //   char *ext = dStrrchr(filename, '.');
 //   if (!ext || dStricmp(ext, ".ter") != 0)
 //      dStrcat(filename, ".ter", 256);

Engine/source/util/messaging/eventManager.cpp

@@ -289,7 +289,7 @@ bool EventManager::subscribe(SimObject *callbackObj, const char* event, const ch
    else
    {
       cb = new char[dStrlen(callback) + 1];
-      dStrcpy(cb, callback);
+      dStrcpy(cb, callback, dStrlen(callback) + 1);
    }
 
    // Create the subscriber object.

Engine/source/util/undo.cpp

@@ -546,7 +546,7 @@ DefineConsoleMethod(UndoManager, getNextUndoName, const char *, (),, "UndoManage
    if(!name)
       return NULL;
    char *ret = Con::getReturnBuffer(dStrlen(name) + 1);
-   dStrcpy(ret, name);
+   dStrcpy(ret, name, dStrlen(name) + 1);
    return ret;
 }
 
@@ -557,7 +557,7 @@ DefineConsoleMethod(UndoManager, getNextRedoName, const char *, (),, "UndoManage
    if(!name)
       return NULL;
    char *ret = Con::getReturnBuffer(dStrlen(name) + 1);
-   dStrcpy(ret, name);
+   dStrcpy(ret, name, dStrlen(name) + 1);
    return ret;
 }