Skip to content

Commit

Permalink
[Security] Use 'g_strlcpy' instead of 'strcpy'
Browse files Browse the repository at this point in the history
Fixes Clang static analyzer warnings:

mate-rr-config.c:549:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
                strcpy (output->priv->vendor, "???");
                ^~~~~~

mate-desktop-item.c:2118:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
        strcpy (the_exec, exec);
        ^~~~~~
  • Loading branch information
sc0w committed Mar 17, 2019
1 parent 3233410 commit 137fd47
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion libmate-desktop/mate-desktop-item.c
Expand Up @@ -2115,7 +2115,7 @@ mate_desktop_item_launch_on_screen_with_env (

/* make a new copy and get rid of spaces */
the_exec = g_alloca (strlen (exec) + 1);
strcpy (the_exec, exec);
g_strlcpy (the_exec, exec, strlen (exec) + 1);

if ( ! strip_the_amp (the_exec)) {
g_set_error (error,
Expand Down
2 changes: 1 addition & 1 deletion libmate-desktop/mate-rr-config.c
Expand Up @@ -546,7 +546,7 @@ mate_rr_config_load_current (MateRRConfig *config, GError **error)
}
else
{
strcpy (output->priv->vendor, "???");
g_strlcpy (output->priv->vendor, "???", sizeof (output->priv->vendor));
output->priv->product = 0;
output->priv->serial = 0;
}
Expand Down

0 comments on commit 137fd47

Please sign in to comment.