From a58f4427e2363291472e3428fd32c42465f7361f Mon Sep 17 00:00:00 2001
From: Mingjie Shen <shen497@purdue.edu>
Date: Mon, 2 Jun 2025 18:58:41 -0400
Subject: [PATCH] Prevent buffer overflow in example programs

Replaced unsafe strcpy(buf, p) calls with bounded strncpy(buf, p, sizeof(buf)-1)
followed by explicit NUL-termination. This change ensures that the UTF-8
result from stringprep_locale_to_utf8 cannot overflow the fixed-size buf array.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>
---
 examples/example.c  | 3 ++-
 examples/example5.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/example.c b/examples/example.c
index 4c322f05..b37ad3d0 100644
--- a/examples/example.c
+++ b/examples/example.c
@@ -61,7 +61,8 @@ main (void)
   p = stringprep_locale_to_utf8 (buf);
   if (p)
     {
-      strcpy (buf, p);
+      strncpy (buf, p, sizeof (buf) - 1);
+      buf[sizeof (buf) - 1] = '\0';
       free (p);
     }
   else
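Review bot: The bounded copy `strncpy (buf, p, sizeof (buf) - 1);` truncates silently when the converted string is longer than buf, and the cut can fall inside a multi-byte UTF-8 sequence, so the code that follows may receive a shortened and possibly malformed string instead of the one entered. In an example that demonstrates string preparation, it is safer to reject an over-long result than to process a different string, e.g. `if (strlen (p) >= sizeof (buf)) { free (p); return EXIT_FAILURE; }` before the copy, ideally with an error message. The same applies to the identical hunk in examples/example5.c. The bound is only correct if buf is declared as an array in main; that declaration lies outside the hunk, as do the start and end of main, so it is worth confirming.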
diff --git a/examples/example5.c b/examples/example5.c
index 3f2d7533..97265d55 100644
--- a/examples/example5.c
+++ b/examples/example5.c
@@ -74,7 +74,8 @@ main (void)
   p = stringprep_locale_to_utf8 (buf);
   if (p)
     {
-      strcpy (buf, p);
+      strncpy (buf, p, sizeof (buf) - 1);
+      buf[sizeof (buf) - 1] = '\0';
       free (p);
     }
   else
-- 
2.25.1

