On Sat, Dec 7, 2013 at 7:29 PM, Sebastian Dransfeld <s...@tango.flipp.net> wrote: > englebass pushed a commit to branch master. > > http://git.enlightenment.org/core/enlightenment.git/commit/?id=0c4131d1be48af944f048b9a3bd37e93eb4450e2 > > commit 0c4131d1be48af944f048b9a3bd37e93eb4450e2 > Author: Sebastian Dransfeld <s...@tango.flipp.net> > Date: Sat Dec 7 21:47:42 2013 +0100 > > Use strncpy instead of strcpy > > Even though a user has to be stupid to trigger this, strncpy should be > used if not too much hassle :) > --- > src/bin/e_utils.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/bin/e_utils.c b/src/bin/e_utils.c > index 97ad44a..abbf726 100644 > --- a/src/bin/e_utils.c > +++ b/src/bin/e_utils.c > @@ -163,19 +163,19 @@ e_util_head_exec(int head, const char *cmd) > /* yes it could overflow... but who will overflow DISPLAY eh? why? to > * "exploit" your own applications running as you? > */ > - strcpy(buf, penv_display); > + strncpy(buf, penv_display, sizeof(buf)); > buf[p2 - penv_display + 1] = 0; > snprintf(buf2, sizeof(buf2), "%i", head); > strcat(buf, buf2);
this whole block is better written as a single snprintf(buf, sizeof(buf), "%s%i", penv_display, head); no need to strcpy to buf, then generate the integer in another buffer, then append to the former. not to say that strcat is still able to overflow... and strncpy doesn't guarantee the \0 (done in the line after it). > } > else if (p1) /* "blah:x */ > { > - strcpy(buf, penv_display); > + strncpy(buf, penv_display, sizeof(buf)); > snprintf(buf2, sizeof(buf2), ".%i", head); > strcat(buf, buf2); same here. > } > else > - strcpy(buf, penv_display); > + strncpy(buf, penv_display, sizeof(buf)); could miss \0, use eina_strlcpy() instead. > ok = 1; > exe = ecore_exe_run(cmd, NULL); > > -- > > -- Gustavo Sverzut Barbieri -------------------------------------- Mobile: +55 (19) 9225-2202 Contact: http://www.gustavobarbieri.com.br/contact
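Review bot: in the first branch, the terminator write buf[p2 - penv_display + 1] = 0; uses an offset measured in penv_display, so bounding the copy with sizeof(buf) does not bound that index, and it can land past the end of buf when DISPLAY is longer than the buffer. In the second and third branches nothing terminates buf when penv_display fills it, and both strcat(buf, buf2) calls are still unbounded. Suggest one bounded call per branch with the return value checked against sizeof(buf): snprintf(buf, sizeof(buf), "%.*s%i", (int)(p2 - penv_display + 1), penv_display, head) for the first (the precision keeps the cut at p2 that the code currently does by hand), and snprintf(buf, sizeof(buf), "%s.%i", penv_display, head) for the second. The in-code comment "yes it could overflow..." should be updated or dropped once the copies are bounded.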
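The two points made in the reply above (strncpy leaving the buffer unterminated, and building each branch with one bounded snprintf), as an added example that is not code from e_utils.c or from anyone in this thread. The names display_for_head and strncpy_terminated, the 8- and 16-byte buffers, the sample DISPLAY strings and the way p1/p2 are located are assumptions; the patch shows only the three branches.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from e_utils.c: write DISPLAY retargeted to
 * screen `head` into out. Returns 0 on success, -1 if the result was
 * truncated; out is NUL-terminated either way (outsz must be > 0). */
static int display_for_head(char *out, size_t outsz, const char *display, int head)
{
    /* Assumption: p1 is the last ':' and p2 a '.' after it, as the
     * branch comments in the patch ("blah:x") suggest. */
    const char *p1 = strrchr(display, ':');
    const char *p2 = p1 ? strrchr(p1, '.') : NULL;
    int n;

    if (p1 && p2)   /* "blah:x.y": keep through the '.', then the head */
        n = snprintf(out, outsz, "%.*s%i", (int)(p2 - display + 1), display, head);
    else if (p1)    /* "blah:x": append ".head" */
        n = snprintf(out, outsz, "%s.%i", display, head);
    else            /* no display number: bounded copy only */
        n = snprintf(out, outsz, "%s", display);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Returns 1 if strncpy(buf, src, sizeof(buf)) left a terminator in an
 * 8-byte buffer, 0 if src filled it completely and no NUL was written. */
static int strncpy_terminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) != NULL;
}

int main(void)
{
    /* Constructed sample DISPLAY values. */
    const char *samples[] = { "host:0.0", ":0", "unix", "averyveryverylonghostname:10.0" };
    char buf[16];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = display_for_head(buf, sizeof(buf), samples[i], 1);
        printf("%-32s -> \"%s\"%s\n", samples[i], buf, rc ? " (truncated)" : "");
    }
    printf("strncpy terminated, 7-char src: %d\n", strncpy_terminated("1234567"));
    printf("strncpy terminated, 8-char src: %d\n", strncpy_terminated("12345678"));
    return 0;
}
```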