From: Ole Streicher Date: Wed, 12 Oct 2016 10:04:37 +0200 Subject: Replace strcat calls with size checked strncat calls --- recipes/kmo_stats.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/recipes/kmo_stats.c b/recipes/kmo_stats.c index c295ae4..577cbb1 100644 --- a/recipes/kmo_stats.c +++ b/recipes/kmo_stats.c @@ -849,9 +849,10 @@ static int kmo_stats(cpl_parameterlist *parlist, cpl_frameset *frameset) sub_header = kmo_dfs_load_sub_header(frameset, STATS, extnr, FALSE)); - strcat(strarr[0], - cpl_propertylist_get_string(sub_header, EXTNAME)); - strcat(strarr[0], "|"); + strncat(strarr[0], + cpl_propertylist_get_string(sub_header, EXTNAME), + 1024-strlen(strarr[0])-1); + strncat(strarr[0], "|", 1024-strlen(strarr[0])-1); cpl_propertylist_delete(sub_header); sub_header = NULL; KMO_TRY_EXIT_IF_NULL( @@ -869,7 +870,7 @@ static int kmo_stats(cpl_parameterlist *parlist, cpl_frameset *frameset) tmp_str = cpl_sprintf(" - |")); } - strcat(strarr[i], tmp_str); + strncat(strarr[i], tmp_str, 1024-strlen(strarr[i])-1); cpl_free(tmp_str); tmp_str = NULL; } kmclipm_vector_delete(data_out); data_out = NULL; @@ -878,9 +879,10 @@ static int kmo_stats(cpl_parameterlist *parlist, cpl_frameset *frameset) KMO_TRY_EXIT_IF_NULL( sub_header = kmo_dfs_load_sub_header(frameset, STATS, extnr, TRUE)); - strcat(strarr[0], - cpl_propertylist_get_string(sub_header, EXTNAME)); - strcat(strarr[0], "|"); + strncat(strarr[0], + cpl_propertylist_get_string(sub_header, EXTNAME), + 1024-strlen(strarr[0])-1); + strncat(strarr[0], "|", 1024-strlen(strarr[0])-1); cpl_propertylist_delete(sub_header); sub_header = NULL; KMO_TRY_EXIT_IF_NULL( @@ -899,7 +901,7 @@ static int kmo_stats(cpl_parameterlist *parlist, cpl_frameset *frameset) tmp_str = cpl_sprintf(" - |")); } - strcat(strarr[i], tmp_str); + strncat(strarr[i], tmp_str, 1024-strlen(strarr[i])-1); cpl_free(tmp_str); tmp_str = NULL; } kmclipm_vector_delete(data_out); data_out = NULL;