From 19e6575feedea04665a3d7cbd608fe1935c9e4af Mon Sep 17 00:00:00 2001
From: Sebastian Holtermann
Date: Tue, 8 Oct 2024 16:46:00 +0200
Subject: [PATCH 1/2] Fix uninitialized string buffer access in pilot.cpp
The string buffer was used to obtain the file name but that was later replaced by a std::string. What remained was the uninitialized buffer that was fed to logging functions where the std::string should have been used instead. This removes the obsolete buffer and feeds the std::string to the logging functions.
---
 Descent3/pilot.cpp | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/Descent3/pilot.cpp b/Descent3/pilot.cpp
index 7f5fceac1..15a81cd5e 100644
--- a/Descent3/pilot.cpp
+++ b/Descent3/pilot.cpp
@@ -2798,7 +2798,6 @@ void ShipSelectDeleteLogo(newuiListBox *lb) {
 ASSERT(lb);
 int selected_index = lb->GetCurrentIndex();
- char custom_filename[384];
 char custom_logoname[384];
 // check for None selected
@@ -2807,7 +2806,7 @@ void ShipSelectDeleteLogo(newuiListBox *lb) {
 return;
 }
- lb->GetItem(selected_index, custom_logoname, 384);
+ lb->GetItem(selected_index, custom_logoname, sizeof(custom_logoname));
 if ((selected_index - 1) >= (int)Custom_images.size()) {
 LOG_FATAL << "Listbox selected item not found";
@@ -2816,20 +2815,20 @@ void ShipSelectDeleteLogo(newuiListBox *lb) {
 }
 // Get the filename
- std::filesystem::path p = Custom_images[selected_index - 1];
+ std::filesystem::path custom_filename = Custom_images[selected_index - 1];
 // delete custom_filename, we don't want it....
 char buffer[512];
 snprintf(buffer, sizeof(buffer), TXT_PLTOKDEL, custom_logoname);
 if (DoMessageBox(TXT_PLTDELCONF, buffer, MSGBOX_YESNO, UICOL_WINDOW_TITLE, UICOL_TEXT_NORMAL)) {
- LOG_INFO.printf("Deleting pilot logo %s (%s)", custom_logoname, custom_filename);
+ LOG_INFO.printf("Deleting pilot logo %s (%s)", custom_logoname, custom_filename.u8string().c_str());
 std::error_code ec;
- if (std::filesystem::remove(LocalCustomGraphicsDir / p, ec)) {
+ if (std::filesystem::remove(LocalCustomGraphicsDir / custom_filename, ec)) {
 // Update the list box, select none
 UpdateGraphicsListbox(lb);
 } else {
- LOG_FATAL.printf("Unable to delete file %s", custom_filename);
+ LOG_FATAL.printf("Unable to delete file %s", custom_filename.u8string().c_str());
 Int3();
 }
 }
From 8345055fd1e3cf08065f9530d6e6dd706487ad30 Mon Sep 17 00:00:00 2001
From: Sebastian Holtermann
Date: Tue, 8 Oct 2024 16:57:44 +0200
Subject: [PATCH 2/2] Fix another uninitialized string buffer access in pilot.cpp
The string buffer was used to obtain the file name but that was later replaced by a std::string. What remained was the uninitialized buffer that was fed to logging functions where the std::string should have been used instead. This removes the obsolete buffer and feeds the std::string to the logging functions.
---
 Descent3/pilot.cpp | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/Descent3/pilot.cpp b/Descent3/pilot.cpp
index 15a81cd5e..94df967f0 100644
--- a/Descent3/pilot.cpp
+++ b/Descent3/pilot.cpp
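Review bot: The failure branch after `std::filesystem::remove(LocalCustomGraphicsDir / custom_filename, ec)` logs only the file name and never reads `ec`, so the log cannot tell a permission or I/O error from a file that was already gone (the `error_code` overload returns false in both cases, leaving `ec` clear in the second). Carrying the reason into the entry makes it usable when triaging a failed delete: `LOG_FATAL.printf("Unable to delete file %s: %s", custom_filename.u8string().c_str(), ec.message().c_str());`. The `LocalCustomSoundsDir` removal in ShipSelectDeleteTaunt (patch 2/2, last hunk) discards `ec` in the same way. ShipSelectDeleteLogo starts outside this hunk.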
@@ -2840,7 +2840,6 @@ void ShipSelectDeleteTaunt(pilot *Pilot, newuiComboBox *lb, tAudioTauntComboBoxe
 ASSERT(taunt_boxes);
 int selected_index = lb->GetCurrentIndex();
- char custom_filename[384];
 char custom_logoname[384];
 // check for None selected
@@ -2849,7 +2848,7 @@ void ShipSelectDeleteTaunt(pilot *Pilot, newuiComboBox *lb, tAudioTauntComboBoxe
 return;
 }
- lb->GetItem(selected_index, custom_logoname, 384);
+ lb->GetItem(selected_index, custom_logoname, sizeof(custom_logoname));
 if ((selected_index - 1) >= (int)Audio_taunts.size()) {
 LOG_FATAL << "Listbox selected item not found";
@@ -2858,21 +2857,21 @@ void ShipSelectDeleteTaunt(pilot *Pilot, newuiComboBox *lb, tAudioTauntComboBoxe
 }
 // Get the filename
- std::filesystem::path p = Audio_taunts[selected_index - 1];
+ std::filesystem::path custom_filename = Audio_taunts[selected_index - 1];
 // delete custom_filename, we don't want it....
 char buffer[512];
 snprintf(buffer, sizeof(buffer), TXT_PLTOKDEL, custom_logoname);
 if (DoMessageBox(TXT_PLTDELCONF, buffer, MSGBOX_YESNO, UICOL_WINDOW_TITLE, UICOL_TEXT_NORMAL)) {
- LOG_INFO.printf("Deleting audio taunt %s (%s)", custom_logoname, custom_filename);
+ LOG_INFO.printf("Deleting audio taunt %s (%s)", custom_logoname, custom_filename.u8string().c_str());
 std::error_code ec;
- if (std::filesystem::remove(LocalCustomSoundsDir / custom_filename, ec)) {
+ if (std::filesystem::remove(LocalCustomSoundsDir / custom_filename, ec)) {
 // Update the list boxes, select none
 UpdateAudioTauntBoxes(taunt_boxes->taunt_a, taunt_boxes->taunt_b, taunt_boxes->taunt_c, taunt_boxes->taunt_d, Pilot);
 } else {
- LOG_FATAL.printf("Unable to delete file %s", custom_filename);
+ LOG_FATAL.printf("Unable to delete file %s", custom_filename.u8string().c_str());
 Int3();
 }
 }
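Review bot: The subscript in `std::filesystem::path custom_filename = Audio_taunts[selected_index - 1];` is guarded in the visible lines only against an index that is too large (`(selected_index - 1) >= (int)Audio_taunts.size()`). The "None selected" test sits between the hunks and is not shown, so it is unclear whether a negative `GetCurrentIndex()` result is rejected before this line. Because the element read here becomes the path handed to `std::filesystem::remove`, a two-sided guard would be safer if that earlier check only tests for 0: `if (selected_index < 1 || (selected_index - 1) >= (int)Audio_taunts.size()) {`. `Custom_images[selected_index - 1]` in ShipSelectDeleteLogo (patch 1/2) has the same shape. ShipSelectDeleteTaunt starts outside this hunk.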