From 69b0f0b650e57370de28979513cf3b8b3889f0ba Mon Sep 17 00:00:00 2001
From: Misa
Date: Wed, 24 Mar 2021 12:19:44 -0700
Subject: [PATCH] Add missing pText NULL checks

If an XML tag doesn't contain anything inside, pText will be NULL. If that happens without being checked, then NULL will be passed to SDL_strcmp(). SDL_strcmp() will either call libc strcmp() or use its own implementation; both implementations will still dereference the NULL without checking it. This is undefined behavior, so I'm fixing it. The solution is to do what is done with all other XML parsing functions, and to make sure pText gets set to a safe empty string (which is just a pointer to a null terminator) if it happens to be NULL.
---
 desktop_version/src/Game.cpp | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/desktop_version/src/Game.cpp b/desktop_version/src/Game.cpp
index 73fec9e0..74a780aa 100644
--- a/desktop_version/src/Game.cpp
+++ b/desktop_version/src/Game.cpp
@@ -292,6 +292,11 @@ void Game::init(void)
 const char* pKey = pElem->Value();
 const char* pText = pElem->GetText() ;
+ if (pText == NULL)
+ {
+ pText = "";
+ }
+
 if (SDL_strcmp(pKey, "summary") == 0)
 {
 quicksummary = pText;
@@ -332,6 +337,11 @@ void Game::init(void)
 const char* pKey = pElem->Value();
 const char* pText = pElem->GetText() ;
+ if (pText == NULL)
+ {
+ pText = "";
+ }
+
 if (SDL_strcmp(pKey, "summary") == 0)
 {
 telesummary = pText;
@@ -4016,6 +4026,11 @@ void Game::loadstats(ScreenSettings* screen_settings)
 const char* pKey = pElem->Value();
 const char* pText = pElem->GetText() ;
+ if (pText == NULL)
+ {
+ pText = "";
+ }
+
 LOAD_ARRAY(unlock)
 LOAD_ARRAY(unlocknotify)
@@ -4073,6 +4088,11 @@ void Game::deserializesettings(tinyxml2::XMLElement* dataNode, ScreenSettings* s
 const char* pKey = pElem->Value();
 const char* pText = pElem->GetText();
+ if (pText == NULL)
+ {
+ pText = "";
+ }
+
 if (SDL_strcmp(pKey, "fullscreen") == 0)
 {
 screen_settings->fullscreen = help.Int(pText);
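Review bot: The NULL guard added in the first Game::init hunk is repeated verbatim in all six hunks (both Game::init loops, Game::loadstats, Game::deserializesettings and both Game::loadsummary loops), and none of the copies says why it is there. I would put a one-line comment above each guard, `/* GetText() is NULL for an empty element; pText is used as a C string below */`, or fold the guard into one small file-local helper so that a future parsing loop cannot forget it. The visible uses after the guard are assignments such as `quicksummary = pText;`; the types of those members are not in the hunks, so the comment should name C-string use in general rather than only SDL_strcmp(). Every enclosing loop starts and ends outside its hunk.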
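Review bot: In the Game::deserializesettings hunk an empty element now reaches `help.Int(pText)` as `""`, so an empty `fullscreen` tag is parsed as a number instead of being ignored. If help.Int() yields 0 for an empty string (its body is not in the hunk), a truncated or hand-edited settings file would silently replace the default with 0 rather than leave it untouched. For the numeric keys, consider skipping empty text after the guard, for example `if (pText[0] == '\0') { continue; }`, assuming the enclosing loop, which starts outside the hunk, iterates over sibling elements. The same question may apply to `LOAD_ARRAY(unlock)` in the Game::loadstats hunk, whose macro body is not visible here.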
@@ -5132,6 +5152,11 @@ void Game::loadsummary(void)
 const char* pKey = pElem->Value();
 const char* pText = pElem->GetText() ;
+ if (pText == NULL)
+ {
+ pText = "";
+ }
+
 if (SDL_strcmp(pKey, "summary") == 0)
 {
 telesummary = pText;
@@ -5209,6 +5234,11 @@ void Game::loadsummary(void)
 const char* pKey = pElem->Value();
 const char* pText = pElem->GetText() ;
+ if (pText == NULL)
+ {
+ pText = "";
+ }
+
 if (SDL_strcmp(pKey, "summary") == 0)
 {
 quicksummary = pText;