On Wed, Sep 21, 2016 at 1:32 AM, ChunEon Park <her...@hermet.pe.kr> wrote:
> hermet pushed a commit to branch master.
>
> http://git.enlightenment.org/core/efl.git/commit/?id=ab1a72f5e7df6fe0adef54bdcddd9867a2ebe3a6
>
> commit ab1a72f5e7df6fe0adef54bdcddd9867a2ebe3a6
> Author: Hermet Park <her...@hermet.pe.kr>
> Date:   Wed Sep 21 13:30:44 2016 +0900
>
>     edje/edje_cc: use strncpy() instead of strcpy().
>
>     strncpy() is better for security.
>     Also, this change avoids annoying coverity detection.
> ---
>  src/bin/edje/edje_cc_parse.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/bin/edje/edje_cc_parse.c b/src/bin/edje/edje_cc_parse.c
> index 525c71d..efabe22 100644
> --- a/src/bin/edje/edje_cc_parse.c
> +++ b/src/bin/edje/edje_cc_parse.c
> @@ -391,7 +391,7 @@ next_token(char *p, char *end, char **new_p, int *delim)
>               l = sscanf(tmpstr, "%*s %i \"%[^\"]\"", &nm, fl);
>               if (l == 2)
>                 {
> -                  strcpy(file_buf, fl);
> +                  strncpy(file_buf, fl, sizeof(file_buf));
>                    line = nm;
>                    file_in = file_buf;
>                 }


the proper function to call is eina_strlcpy(), it will use strlcpy()
if available, otherwise will ensure the nul byte.



-- 
Gustavo Sverzut Barbieri
--------------------------------------
Mobile: +55 (16) 99354-9890

------------------------------------------------------------------------------
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Reply via email to