This strcpy will never overflow because it's copying from baked-in test data. But we would prefer to avoid strcpy entirely, as it makes it harder to audit for real security bugs.
Signed-off-by: Jeff King <[email protected]> --- Repost of <[email protected]> from a few weeks ago (sorry, gmane is down so I can't generate a link). I think the original was never applied because the topic that introduced the strcpy (js/dirname-basename) predated xsnprintf, so there was some merging complexity. Now that topic is in master, so this can be applied there. test-path-utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-path-utils.c b/test-path-utils.c index c3adcd8..6232dfe 100644 --- a/test-path-utils.c +++ b/test-path-utils.c @@ -56,7 +56,7 @@ static int test_function(struct test_data *data, char *(*func)(char *input), if (!data[i].from) to = func(NULL); else { - strcpy(buffer, data[i].from); + xsnprintf(buffer, sizeof(buffer), "%s", data[i].from); to = func(buffer); } if (!strcmp(to, data[i].to)) -- 2.7.1.526.gd04f550 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
