
[Security] Use 'g_strlcpy' instead of 'strcpy'

Fixes Clang static analyzer warnings:

warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
sc0w committed Feb 28, 2019
1 parent fc162df commit 76a5cffd6f7e2cefc91c3e6e7e88eb156524a263
Showing with 5 additions and 4 deletions.
  1. +2 −1 src/core/testasyncgetprop.c
  2. +3 −3 src/core/xprops.c
@@ -37,6 +37,7 @@
#include <errno.h>
#include <signal.h>
#include <assert.h>
#include <glib.h>

#ifndef TRUE
#define TRUE 1
@@ -138,7 +139,7 @@ my_strdup (const char *str)
fprintf (stderr, "malloc failed\n");
exit (1);
}
strcpy (s, str);
g_strlcpy (s, str, (strlen (str) + 1));

return s;
}
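Review bot: The size passed to g_strlcpy in my_strdup is `strlen (str) + 1`, which is the length of the source rather than the capacity of `s`, so the call can never truncate and limits the write no more than strcpy did. The analyzer warning is silenced, but the CWE-119 exposure it points at is unchanged. The allocation of `s` is above the hunk; computing the size once there and reusing it, `size_t size = strlen (str) + 1;` followed by `memcpy (s, str, size);`, ties the copy to the allocation and avoids pulling `<glib.h>` into this test program for a single call. The same source-derived bound appears in the xprops.c hunks (class_hint_from_results and meta_prop_get_values).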
@@ -821,7 +821,7 @@ class_hint_from_results (GetPropertyResults *results,
return FALSE;
}

strcpy (class_hint->res_name, (char *)results->prop);
g_strlcpy (class_hint->res_name, (char *)results->prop, (len_name + 1));

if (len_name == (int) results->n_items)
len_name--;
@@ -837,7 +837,7 @@ class_hint_from_results (GetPropertyResults *results,
return FALSE;
}

strcpy (class_hint->res_class, (char *)results->prop + len_name + 1);
g_strlcpy (class_hint->res_class, (char *)results->prop + len_name + 1, (len_class + 1));

XFree (results->prop);
results->prop = NULL;
@@ -1133,7 +1133,7 @@ meta_prop_get_values (MetaDisplay *display,
xmalloc_new_str = ag_Xmalloc (strlen (new_str) + 1);
if (xmalloc_new_str != NULL)
{
strcpy (xmalloc_new_str, new_str);
g_strlcpy (xmalloc_new_str, new_str, (strlen (new_str) + 1));
meta_XFree (values[i].v.str);
values[i].v.str = xmalloc_new_str;
}
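Review bot: In class_hint_from_results both copies read from the property buffer `results->prop`, and g_strlcpy still walks its source to the terminating NUL (it returns the source length), so the new size argument puts no limit on how far property data is read. The `len_name == (int) results->n_items` test shows a name can fill the whole property with no NUL inside it; len_name and len_class are computed outside the hunks, so whether they are clamped to `results->n_items` cannot be confirmed from here. If they are not, the lengths should be bounded by `results->n_items` before the allocation, and the copy done with `memcpy` plus an explicit `'\0'`. In meta_prop_get_values, `strlen (new_str) + 1` is evaluated separately for ag_Xmalloc and for the copy; one `size_t` local shared by both keeps the allocation and the bound from drifting apart.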
