Commit baf152a3 authored by rswindell's avatar rswindell
Browse files

Create and use a SAFECAT() macro to address Coverity-scan reported issues about

unsafe strcat() usage (potential buffer overruns).
parent e9193c32
......@@ -248,7 +248,7 @@ int DLLCALL glob(const char *pattern, int flags, void* unused, glob_t* glob)
SAFECOPY(path,pattern);
p=getfname(path);
*p=0;
strcat(path,ff.name);
SAFECAT(path,ff.name);
if((glob->gl_pathv[glob->gl_pathc]=(char*)malloc(strlen(path)+2))==NULL) {
globfree(glob);
......@@ -315,7 +315,7 @@ long DLLCALL getdirsize(const char* path, BOOL include_subdirs, BOOL subdir_only
SAFECOPY(match,path);
backslash(match);
strcat(match,ALLFILES);
SAFECAT(match,ALLFILES);
glob(match,GLOB_MARK,NULL,&g);
if(include_subdirs && !subdir_only)
count=g.gl_pathc;
......@@ -767,7 +767,7 @@ ulong DLLCALL getfilecount(const char *inpath, const char* pattern)
SAFECOPY(path, inpath);
backslash(path);
strcat(path, pattern);
SAFECAT(path, pattern);
if(glob(path, GLOB_MARK, NULL, &g))
return 0;
for(gi = 0; gi < g.gl_pathc; ++gi) {
......
......@@ -376,6 +376,8 @@ typedef struct {
#define SAFECOPY(dst,src) (strncpy(dst,src,sizeof(dst)), TERMINATE(dst))
#endif
#define SAFECAT(dst, src) if(strlen(dst) + strlen(src) + 1 < sizeof(dst)) { strcat(dst, src); }
/* Bound-safe version of sprintf() - only works with fixed-length arrays */
#if (defined __FreeBSD__) || (defined __NetBSD__) || (defined __OpenBSD__) || (defined(__APPLE__) && defined(__MACH__) && defined(__POWERPC__))
/* *BSD *nprintf() is already safe */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment