
Buffer Overflow Vulnerability in src/studio/fs.c #1396

Closed
vulnerabilitydetectionlearning opened this issue Apr 6, 2021 · 2 comments
@vulnerabilitydetectionlearning

Describe

A buffer overflow vulnerability can occur since sprintf with the format string %s/%s can potentially overflow the buffer char path[TICNAME_MAX] if the string is longer than TICNAME_MAX, and it's possible for fs->work and name to exceed that limit together. See link for more information regarding buffer overflow vulnerabilities: https://cwe.mitre.org/data/definitions/121.html

Here is the location of the vulnerability:

TIC-80/src/studio/fs.c

Lines 92 to 104 in 515bcef

const char* tic_fs_path(tic_fs* fs, const char* name)
{
    static char path[TICNAME_MAX];

    if(*name == '/')
        strcpy(path, name + 1);
    else if(strlen(fs->work))
        sprintf(path, "%s/%s", fs->work, name);
    else
        strcpy(path, name);

    return tic_fs_pathroot(fs, path);
}

Consider using snprintf instead of sprintf for safety.
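To show what the snprintf suggestion buys, here is an added example (not code from TIC-80 or from the issue author) that mirrors the three branches of tic_fs_path but bounds every write to the destination and reports when the combined work/name path would not have fit. DEMO_PATH_MAX is a small constructed capacity standing in for TICNAME_MAX, and build_path/demo_path_len are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed capacity for the demonstration; it is deliberately small and
 * is NOT the real TICNAME_MAX used by TIC-80. */
#define DEMO_PATH_MAX 16

/* Same branch structure as tic_fs_path, but every write is bounded by the
 * capacity of `out`. Returns true when the whole path fit and false when
 * snprintf had to truncate, which is exactly the case where sprintf/strcpy
 * would have written past the end of the buffer. `out` is always
 * NUL-terminated on return. */
static bool build_path(char *out, size_t cap, const char *work, const char *name)
{
    int needed;

    if (*name == '/')
        needed = snprintf(out, cap, "%s", name + 1);
    else if (work[0] != '\0')
        needed = snprintf(out, cap, "%s/%s", work, name);
    else
        needed = snprintf(out, cap, "%s", name);

    /* snprintf reports the length the untruncated string would have had;
     * a value >= cap means the caller's buffer was too small. */
    return needed >= 0 && (size_t)needed < cap;
}

/* Demo wrapper: returns the length of the joined path on success, or -1
 * when the path would not fit in DEMO_PATH_MAX bytes (the overflow case). */
int demo_path_len(const char *work, const char *name)
{
    char path[DEMO_PATH_MAX];

    if (!build_path(path, sizeof path, work, name))
        return -1;
    return (int)strlen(path);
}

int main(void)
{
    /* constructed inputs */
    printf("%d\n", demo_path_len("games", "cart.tic"));          /* 14: fits */
    printf("%d\n", demo_path_len("games/archive", "cart.tic"));  /* -1: too long */
    printf("%d\n", demo_path_len("", "/cart.tic"));              /* 8: leading '/' stripped */
    return 0;
}
```

The -1 result is the input combination the issue describes: each component is within bounds on its own, but work plus separator plus name exceeds the fixed buffer.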

@vulnerabilitydetectionlearning
Author

Hi! This vulnerability was detected by our deep learning based vulnerability detection model. Along with the detection, our model also localizes the vulnerability by producing a version of the function with code that contributed to the vulnerability highlighted. We provide the localization output of the vulnerable function identified in this Issue. The intensity of the highlight corresponds to how important the code snippet was for vulnerability detection in this function.

As part of our university research project we would like to evaluate the usefulness of the model’s localization outputs. You can help us out by clicking one of the options below:
  • This vulnerability is a real vulnerability and the localization output is useful.
  • This vulnerability is a real vulnerability but the localization output is not useful.
  • This vulnerability is not a real vulnerability but the localization output is useful.
  • This vulnerability is not a real vulnerability and the localization output is not useful.

nesbox added a commit that referenced this issue Apr 7, 2021
@nesbox nesbox self-assigned this Apr 7, 2021
@nesbox
Owner

nesbox commented Apr 7, 2021

Fixed here 0350ff7
Thank you

@nesbox nesbox closed this as completed Apr 7, 2021
nesbox added a commit that referenced this issue Apr 7, 2021