laruence Tue, 09 Aug 2011 12:16:58 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=314641
Log: Avoiding strcpy, strcat, sprintf usage to make static analyzer happy Changed paths: U php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c U php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih U php/php-src/branches/PHP_5_3/ext/standard/crypt.c U php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c U php/php-src/branches/PHP_5_3/ext/standard/proc_open.c U php/php-src/branches/PHP_5_3/ext/standard/user_filters.c U php/php-src/branches/PHP_5_3/ext/xml/xml.c U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/branches/PHP_5_3/main/streams/filter.c U php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c U php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih U php/php-src/branches/PHP_5_4/ext/standard/crypt.c U php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c U php/php-src/branches/PHP_5_4/ext/standard/proc_open.c U php/php-src/branches/PHP_5_4/ext/standard/user_filters.c U php/php-src/branches/PHP_5_4/ext/xml/xml.c U php/php-src/branches/PHP_5_4/main/fopen_wrappers.c U php/php-src/branches/PHP_5_4/main/streams/filter.c U php/php-src/trunk/ext/ereg/regex/regerror.c U php/php-src/trunk/ext/ereg/regex/regerror.ih U php/php-src/trunk/ext/ereg/regex.patch U php/php-src/trunk/ext/standard/crypt.c U php/php-src/trunk/ext/standard/http_fopen_wrapper.c U php/php-src/trunk/ext/standard/proc_open.c U php/php-src/trunk/ext/standard/user_filters.c U php/php-src/trunk/ext/xml/xml.c U php/php-src/trunk/main/fopen_wrappers.c U php/php-src/trunk/main/streams/filter.c
Modified: php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -74,7 +74,7 @@ char convbuf[50]; if (errcode == REG_ATOI) - s = regatoi(preg, convbuf); + s = regatoi(preg, convbuf, sizeof(convbuf)); else { for (r = rerrs; r->code >= 0; r++) if (r->code == target) @@ -84,7 +84,7 @@ if (r->code >= 0) (void) strncpy(convbuf, r->name, 50); else - sprintf(convbuf, "REG_0x%x", target); + snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target); assert(strlen(convbuf) < sizeof(convbuf)); s = convbuf; } else @@ -106,12 +106,13 @@ /* - regatoi - internal routine to implement REG_ATOI - == static char *regatoi(const regex_t *preg, char *localbuf); + == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); */ static char * -regatoi(preg, localbuf) +regatoi(preg, localbuf, bufsize) const regex_t *preg; char *localbuf; +int bufsize; { register const struct rerr *r; @@ -121,6 +122,6 @@ if (r->code < 0) return("0"); - sprintf(localbuf, "%d", r->code); + snprintf(localbuf, bufsize, "%d", r->code); return(localbuf); } Modified: php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih =================================================================== --- php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih 2011-08-09 12:16:58 UTC (rev 314641) 
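Review bot: In the `@@ -84,7` hunk the `strncpy(convbuf, r->name, 50)` directly above the new `snprintf` still hard-codes the size and leaves `convbuf` unterminated if a name ever fills all 50 bytes. The `assert(strlen(convbuf) < sizeof(convbuf))` that follows is not a runtime check in NDEBUG builds. Since the sibling branch now uses `sizeof(convbuf)`, the same form would cover both: `snprintf(convbuf, sizeof(convbuf), "%s", r->name);`. The same applies to the PHP_5_4 and trunk copies of this hunk; the enclosing function starts and ends outside the hunk.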
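Review bot: `bufsize` is declared `int` in the `@@ -106,12` hunk but is passed straight to `snprintf`, whose size parameter is `size_t`, and the only visible caller passes `sizeof(convbuf)`; a negative value would convert to a very large bound. Declaring it `size_t bufsize;` here and in the `regerror.ih` prototype keeps the types consistent. A short comment on the parameter, e.g. `/* bufsize: capacity of localbuf in bytes, including the terminating NUL */`, would document the new contract. The PHP_5_4 and trunk copies are identical.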
@@ -4,7 +4,7 @@ #endif /* === regerror.c === */ -static char *regatoi(const regex_t *preg, char *localbuf); +static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); #ifdef __cplusplus } Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -170,10 +170,10 @@ /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ if (!*salt) { #if PHP_MD5_CRYPT - strcpy(salt, "$1$"); + strncpy(salt, "$1$", PHP_MAX_SALT_LEN); php_to64(&salt[3], PHP_CRYPT_RAND, 4); php_to64(&salt[7], PHP_CRYPT_RAND, 4); - strcpy(&salt[11], "$"); + strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); #elif PHP_STD_DES_CRYPT php_to64(&salt[0], PHP_CRYPT_RAND, 2); salt[2] = '\0'; Modified: php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -330,7 +330,7 @@ scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); scratch = emalloc(scratch_len); strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); - strcat(scratch, " "); + strncat(scratch, " ", 1); } } } 
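Review bot: `strncat(scratch, " ", 1)` in the `http_fopen_wrapper.c` `@@ -330,7` hunk bounds the number of bytes taken from the source, not the space left in `scratch`, so it behaves exactly like the `strcat` it replaces and adds no overflow protection. This hunk already uses `strlcpy` and has `scratch_len` in scope, so a destination-sized append is available: `strlcat(scratch, " ", scratch_len);`. The same source-length bound appears in the `proc_open.c` hunk (`strncat(p, "=", 1)`, `strncat(p, data, el_len)`) and in the `user_filters.c` and `main/streams/filter.c` hunks (`strncat(wildcard, ".*", 2)`, `strncat(wildname, ".*", 2)`), on all three branches. In `proc_open.c` the appends also rely on `p` being NUL-terminated after the `memcpy`, which the hunk does not show.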
@@ -344,7 +344,7 @@ if (!scratch) { scratch_len = strlen(path) + 29 + protocol_version_len; scratch = emalloc(scratch_len); - strcpy(scratch, "GET "); + strncpy(scratch, "GET ", scratch_len); } /* Should we send the entire path in the request line, default to no. */ Modified: php/php-src/branches/PHP_5_3/ext/standard/proc_open.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/proc_open.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/standard/proc_open.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -183,8 +183,8 @@ l = string_length + el_len + 1; memcpy(p, string_key, string_length); - strcat(p, "="); - strcat(p, data); + strncat(p, "=", 1); + strncat(p, data, el_len); #ifndef PHP_WIN32 *ep = p; Modified: php/php-src/branches/PHP_5_3/ext/standard/user_filters.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/user_filters.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/standard/user_filters.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -311,7 +311,7 @@ period = wildcard + (period - filtername); while (period) { *period = '\0'; - strcat(wildcard, ".*"); + strncat(wildcard, ".*", 2); if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) { period = NULL; } else { Modified: php/php-src/branches/PHP_5_3/ext/xml/xml.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/xml/xml.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/ext/xml/xml.c 2011-08-09 12:16:58 UTC (rev 314641) 
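Review bot: `strncpy(scratch, "GET ", scratch_len)` in the `http_fopen_wrapper.c` `@@ -344,7` hunk zero-fills the entire allocation after the four bytes it copies, and `strncpy` does not terminate the destination whenever the source is as long as the bound. The preceding hunk in the same file already uses `strlcpy`, so `strlcpy(scratch, "GET ", scratch_len);` would be consistent with it and always terminates. The PHP_5_4 and trunk copies are identical; the enclosing function continues outside the hunk.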
@@ -1050,7 +1050,7 @@ if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { int newlen = Z_STRLEN_PP(myval) + decoded_len; Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1); - strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value); + strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1); Z_STRLEN_PP(myval) += decoded_len; efree(decoded_value); } else { @@ -1070,7 +1070,7 @@ if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { int newlen = Z_STRLEN_PP(myval) + decoded_len; Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1); - strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value); + strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1); Z_STRLEN_PP(myval) += decoded_len; efree(decoded_value); return; Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c =================================================================== --- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -463,7 +463,8 @@ #endif if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) && IS_ABSOLUTE_PATH(PG(doc_root), length)) { - filename = emalloc(length + strlen(path_info) + 2); + int path_len = strlen(path_info); + filename = emalloc(length + path_len + 2); if (filename) { memcpy(filename, PG(doc_root), length); if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */ 
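Review bot: `strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1)` in the `xml.c` `@@ -1050,7` hunk takes its bound from the source length, so the write is safe only because the `erealloc` on the line above sized the buffer to `newlen+1`; the call itself does not check the destination. It also stops copying at the first NUL and zero-fills the rest, so if `decoded_value` can contain embedded NUL bytes (not visible in this hunk) the stored bytes and the `Z_STRLEN_PP(myval) += decoded_len` bookkeeping disagree. With the length already known, and assuming `decoded_value` is terminated at `decoded_len`, `memcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);` states the intent directly. The `@@ -1070,7` hunk and the PHP_5_4 and trunk copies are identical.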
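Review bot: `int path_len = strlen(path_info);` in the `fopen_wrappers.c` `@@ -463,7` hunk narrows a `size_t` to `int`, and the allocation size `length + path_len + 2` is now computed from that narrowed value rather than from `strlen()` directly as before. `path_info` looks request-derived, so keeping the length unsigned is the safer default: `size_t path_len = strlen(path_info);`. The type of `length` is declared outside the hunk and should be checked alongside it. The PHP_5_4 and trunk copies are identical.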
@@ -472,7 +473,7 @@ if (IS_SLASH(path_info[0])) { length--; } - strcpy(filename + length, path_info); + strncpy(filename + length, path_len + 1); } } else { filename = SG(request_info).path_translated; Modified: php/php-src/branches/PHP_5_3/main/streams/filter.c =================================================================== --- php/php-src/branches/PHP_5_3/main/streams/filter.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_3/main/streams/filter.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -270,7 +270,7 @@ period = wildname + (period - filtername); while (period && !filter) { *period = '\0'; - strcat(wildname, ".*"); + strncat(wildname, ".*", 2); if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) { filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC); } Modified: php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -74,7 +74,7 @@ char convbuf[50]; if (errcode == REG_ATOI) - s = regatoi(preg, convbuf); + s = regatoi(preg, convbuf, sizeof(convbuf)); else { for (r = rerrs; r->code >= 0; r++) if (r->code == target) @@ -84,7 +84,7 @@ if (r->code >= 0) (void) strncpy(convbuf, r->name, 50); else - sprintf(convbuf, "REG_0x%x", target); + snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target); assert(strlen(convbuf) < sizeof(convbuf)); s = convbuf; } else 
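Review bot: `strncpy(filename + length, path_len + 1);` in the PHP_5_3 `fopen_wrappers.c` `@@ -472,7` hunk is missing its source argument, so the call has only two arguments and `path_len + 1` lands in the source-pointer position; it should not compile against a prototyped `strncpy`. The PHP_5_4 and trunk copies of this hunk have the intended call, `strncpy(filename + length, path_info, path_len + 1);`. Since the length is already known, `memcpy(filename + length, path_info, path_len + 1);` would do the same job without the `strncpy` termination caveats.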
@@ -106,12 +106,13 @@ /* - regatoi - internal routine to implement REG_ATOI - == static char *regatoi(const regex_t *preg, char *localbuf); + == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); */ static char * -regatoi(preg, localbuf) +regatoi(preg, localbuf, bufsize) const regex_t *preg; char *localbuf; +int bufsize; { register const struct rerr *r; @@ -121,6 +122,6 @@ if (r->code < 0) return("0"); - sprintf(localbuf, "%d", r->code); + snprintf(localbuf, bufsize, "%d", r->code); return(localbuf); } Modified: php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih =================================================================== --- php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih 2011-08-09 12:16:58 UTC (rev 314641) @@ -4,7 +4,7 @@ #endif /* === regerror.c === */ -static char *regatoi(const regex_t *preg, char *localbuf); +static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); #ifdef __cplusplus } Modified: php/php-src/branches/PHP_5_4/ext/standard/crypt.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/crypt.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/standard/crypt.c 2011-08-09 12:16:58 UTC (rev 314641) 
@@ -170,10 +170,10 @@ /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ if (!*salt) { #if PHP_MD5_CRYPT - strcpy(salt, "$1$"); + strncpy(salt, "$1$", PHP_MAX_SALT_LEN); php_to64(&salt[3], PHP_CRYPT_RAND, 4); php_to64(&salt[7], PHP_CRYPT_RAND, 4); - strcpy(&salt[11], "$"); + strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); #elif PHP_STD_DES_CRYPT php_to64(&salt[0], PHP_CRYPT_RAND, 2); salt[2] = '\0'; Modified: php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -330,7 +330,7 @@ scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); scratch = emalloc(scratch_len); strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); - strcat(scratch, " "); + strncat(scratch, " ", 1); } } } @@ -344,7 +344,7 @@ if (!scratch) { scratch_len = strlen(path) + 29 + protocol_version_len; scratch = emalloc(scratch_len); - strcpy(scratch, "GET "); + strncpy(scratch, "GET ", scratch_len); } /* Should we send the entire path in the request line, default to no. */ Modified: php/php-src/branches/PHP_5_4/ext/standard/proc_open.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/proc_open.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/standard/proc_open.c 2011-08-09 12:16:58 UTC (rev 314641) 
@@ -155,8 +155,8 @@ l = string_length + el_len + 1; memcpy(p, string_key, string_length); - strcat(p, "="); - strcat(p, data); + strncat(p, "=", 1); + strncat(p, data, el_len); #ifndef PHP_WIN32 *ep = p; Modified: php/php-src/branches/PHP_5_4/ext/standard/user_filters.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/user_filters.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/standard/user_filters.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -311,7 +311,7 @@ period = wildcard + (period - filtername); while (period) { *period = '\0'; - strcat(wildcard, ".*"); + strncat(wildcard, ".*", 2); if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) { period = NULL; } else { Modified: php/php-src/branches/PHP_5_4/ext/xml/xml.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/xml/xml.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/ext/xml/xml.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -950,7 +950,7 @@ if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { int newlen = Z_STRLEN_PP(myval) + decoded_len; Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1); - strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value); + strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1); Z_STRLEN_PP(myval) += decoded_len; efree(decoded_value); } else { 
@@ -970,7 +970,7 @@ if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { int newlen = Z_STRLEN_PP(myval) + decoded_len; Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1); - strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value); + strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1); Z_STRLEN_PP(myval) += decoded_len; efree(decoded_value); return; Modified: php/php-src/branches/PHP_5_4/main/fopen_wrappers.c =================================================================== --- php/php-src/branches/PHP_5_4/main/fopen_wrappers.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/main/fopen_wrappers.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -410,7 +410,8 @@ #endif if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) && IS_ABSOLUTE_PATH(PG(doc_root), length)) { - filename = emalloc(length + strlen(path_info) + 2); + int path_len = strlen(path_info); + filename = emalloc(length + path_len + 2); if (filename) { memcpy(filename, PG(doc_root), length); if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */ @@ -419,7 +420,7 @@ if (IS_SLASH(path_info[0])) { length--; } - strcpy(filename + length, path_info); + strncpy(filename + length, path_info, path_len + 1); } } else { filename = SG(request_info).path_translated; Modified: php/php-src/branches/PHP_5_4/main/streams/filter.c =================================================================== --- php/php-src/branches/PHP_5_4/main/streams/filter.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/branches/PHP_5_4/main/streams/filter.c 2011-08-09 12:16:58 UTC (rev 314641) 
@@ -270,7 +270,7 @@ period = wildname + (period - filtername); while (period && !filter) { *period = '\0'; - strcat(wildname, ".*"); + strncat(wildname, ".*", 2); if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) { filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC); } Modified: php/php-src/trunk/ext/ereg/regex/regerror.c =================================================================== --- php/php-src/trunk/ext/ereg/regex/regerror.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/ereg/regex/regerror.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -74,7 +74,7 @@ char convbuf[50]; if (errcode == REG_ATOI) - s = regatoi(preg, convbuf); + s = regatoi(preg, convbuf, sizeof(convbuf)); else { for (r = rerrs; r->code >= 0; r++) if (r->code == target) @@ -84,7 +84,7 @@ if (r->code >= 0) (void) strncpy(convbuf, r->name, 50); else - sprintf(convbuf, "REG_0x%x", target); + snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target); assert(strlen(convbuf) < sizeof(convbuf)); s = convbuf; } else @@ -106,12 +106,13 @@ /* - regatoi - internal routine to implement REG_ATOI - == static char *regatoi(const regex_t *preg, char *localbuf); + == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); */ static char * -regatoi(preg, localbuf) +regatoi(preg, localbuf, bufsize) const regex_t *preg; char *localbuf; +int bufsize; { register const struct rerr *r; @@ -121,6 +122,6 @@ if (r->code < 0) return("0"); - sprintf(localbuf, "%d", r->code); + snprintf(localbuf, bufsize, "%d", r->code); return(localbuf); } Modified: php/php-src/trunk/ext/ereg/regex/regerror.ih =================================================================== --- php/php-src/trunk/ext/ereg/regex/regerror.ih 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/ereg/regex/regerror.ih 2011-08-09 12:16:58 UTC (rev 314641) 
@@ -4,7 +4,7 @@ #endif /* === regerror.c === */ -static char *regatoi(const regex_t *preg, char *localbuf); +static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); #ifdef __cplusplus } Modified: php/php-src/trunk/ext/ereg/regex.patch =================================================================== --- php/php-src/trunk/ext/ereg/regex.patch 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/ereg/regex.patch 2011-08-09 12:16:58 UTC (rev 314641) 
@@ -1,12 +1,62 @@ +Only in regex: regcomp.lo +Only in regex: regcomp.o diff -u regex.orig/regerror.c regex/regerror.c ---- regex.orig/regerror.c 2011-08-09 17:31:11.000000000 +0800 -+++ regex/regerror.c 2011-08-09 17:29:53.000000000 +0800 -@@ -82,7 +82,7 @@ +--- regex.orig/regerror.c 2011-08-09 19:49:30.000000000 +0800 ++++ regex/regerror.c 2011-08-09 19:46:15.000000000 +0800 +@@ -74,7 +74,7 @@ + char convbuf[50]; + + if (errcode == REG_ATOI) +- s = regatoi(preg, convbuf); ++ s = regatoi(preg, convbuf, sizeof(convbuf)); + else { + for (r = rerrs; r->code >= 0; r++) + if (r->code == target) +@@ -82,9 +82,9 @@ if (errcode®_ITOA) { if (r->code >= 0) - (void) strcpy(convbuf, r->name); + (void) strncpy(convbuf, r->name, 50); else - sprintf(convbuf, "REG_0x%x", target); +- sprintf(convbuf, "REG_0x%x", target); ++ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target); assert(strlen(convbuf) < sizeof(convbuf)); + s = convbuf; + } else +@@ -106,12 +106,13 @@ + + /* + - regatoi - internal routine to implement REG_ATOI +- == static char *regatoi(const regex_t *preg, char *localbuf); ++ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); + */ + static char * +-regatoi(preg, localbuf) ++regatoi(preg, localbuf, bufsize) + const regex_t *preg; + char *localbuf; ++int bufsize; + { + register const struct rerr *r; + +@@ -121,6 +122,6 @@ + if (r->code < 0) + return("0"); + +- sprintf(localbuf, "%d", r->code); ++ snprintf(localbuf, bufsize, "%d", r->code); + return(localbuf); + } +diff -u regex.orig/regerror.ih regex/regerror.ih +--- regex.orig/regerror.ih 2011-08-09 19:49:00.000000000 +0800 ++++ regex/regerror.ih 2011-08-09 19:41:07.000000000 +0800 +@@ -4,7 +4,7 @@ + #endif + + /* === regerror.c === */ +-static char *regatoi(const regex_t *preg, char *localbuf); ++static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); + + #ifdef __cplusplus + } Modified: php/php-src/trunk/ext/standard/crypt.c 
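Review bot: The regenerated `regex.patch` now begins with `Only in regex: regcomp.lo` and `Only in regex: regcomp.o`, which are diff-tool output about local build artefacts rather than part of the patch. Regenerating the file from a clean tree, or dropping those two lines, keeps it free of machine-specific noise.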
=================================================================== --- php/php-src/trunk/ext/standard/crypt.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/standard/crypt.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -170,10 +170,10 @@ /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ if (!*salt) { #if PHP_MD5_CRYPT - strcpy(salt, "$1$"); + strncpy(salt, "$1$", PHP_MAX_SALT_LEN); php_to64(&salt[3], PHP_CRYPT_RAND, 4); php_to64(&salt[7], PHP_CRYPT_RAND, 4); - strcpy(&salt[11], "$"); + strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); #elif PHP_STD_DES_CRYPT php_to64(&salt[0], PHP_CRYPT_RAND, 2); salt[2] = '\0'; Modified: php/php-src/trunk/ext/standard/http_fopen_wrapper.c =================================================================== --- php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -330,7 +330,7 @@ scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); scratch = emalloc(scratch_len); strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); - strcat(scratch, " "); + strncat(scratch, " ", 1); } } } @@ -344,7 +344,7 @@ if (!scratch) { scratch_len = strlen(path) + 29 + protocol_version_len; scratch = emalloc(scratch_len); - strcpy(scratch, "GET "); + strncpy(scratch, "GET ", scratch_len); } /* Should we send the entire path in the request line, default to no. */ Modified: php/php-src/trunk/ext/standard/proc_open.c =================================================================== --- php/php-src/trunk/ext/standard/proc_open.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/standard/proc_open.c 2011-08-09 12:16:58 UTC (rev 314641) 
@@ -155,8 +155,8 @@ l = string_length + el_len + 1; memcpy(p, string_key, string_length); - strcat(p, "="); - strcat(p, data); + strncat(p, "=", 1); + strncat(p, data, el_len); #ifndef PHP_WIN32 *ep = p; Modified: php/php-src/trunk/ext/standard/user_filters.c =================================================================== --- php/php-src/trunk/ext/standard/user_filters.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/standard/user_filters.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -311,7 +311,7 @@ period = wildcard + (period - filtername); while (period) { *period = '\0'; - strcat(wildcard, ".*"); + strncat(wildcard, ".*", 2); if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) { period = NULL; } else { Modified: php/php-src/trunk/ext/xml/xml.c =================================================================== --- php/php-src/trunk/ext/xml/xml.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/ext/xml/xml.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -950,7 +950,7 @@ if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { int newlen = Z_STRLEN_PP(myval) + decoded_len; Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1); - strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value); + strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1); Z_STRLEN_PP(myval) += decoded_len; efree(decoded_value); } else { 
@@ -970,7 +970,7 @@ if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) { int newlen = Z_STRLEN_PP(myval) + decoded_len; Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1); - strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value); + strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1); Z_STRLEN_PP(myval) += decoded_len; efree(decoded_value); return; Modified: php/php-src/trunk/main/fopen_wrappers.c =================================================================== --- php/php-src/trunk/main/fopen_wrappers.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/main/fopen_wrappers.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -410,7 +410,8 @@ #endif if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) && IS_ABSOLUTE_PATH(PG(doc_root), length)) { - filename = emalloc(length + strlen(path_info) + 2); + int path_len = strlen(path_info); + filename = emalloc(length + path_len + 2); if (filename) { memcpy(filename, PG(doc_root), length); if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */ @@ -419,7 +420,7 @@ if (IS_SLASH(path_info[0])) { length--; } - strcpy(filename + length, path_info); + strncpy(filename + length, path_info, path_len + 1); } } else { filename = SG(request_info).path_translated; Modified: php/php-src/trunk/main/streams/filter.c =================================================================== --- php/php-src/trunk/main/streams/filter.c 2011-08-09 12:16:32 UTC (rev 314640) +++ php/php-src/trunk/main/streams/filter.c 2011-08-09 12:16:58 UTC (rev 314641) @@ -270,7 +270,7 @@ period = wildname + (period - filtername); while (period && !filter) { *period = '\0'; - strcat(wildname, ".*"); + strncat(wildname, ".*", 2); if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) { filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC); }