devilhorns pushed a commit to branch feature/security. http://git.enlightenment.org/core/efl.git/commit/?id=936e4acd75d009a56446b46bd4328b6c92fe6ce5
commit 936e4acd75d009a56446b46bd4328b6c92fe6ce5 Author: Chris Michael <cp.mich...@samsung.com> Date: Thu May 10 10:47:37 2018 -0400 edje: Remove use of insecure strcat function As per the sonar report, the usage of strcat is insecure. This patch modifies the code slightly to use the more secure strncat function in order to avoid potential buffer overflow vulnerability. @fix Differential Revision: https://phab.enlightenment.org/D6150 --- src/bin/edje/edje_cc_handlers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/edje/edje_cc_handlers.c b/src/bin/edje/edje_cc_handlers.c index 6d987edb8f..4d0a319943 100644 --- a/src/bin/edje/edje_cc_handlers.c +++ b/src/bin/edje/edje_cc_handlers.c @@ -11341,7 +11341,7 @@ st_collections_group_parts_part_description_text_text(void) else { str = realloc(str, strlen(str) + strlen(s) + 1); - strcat(str, s); + strncat(str, s, strlen(str) + strlen(s) + 1); free(s); } } --
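Review bot: The bound passed in the added line strncat(str, s, strlen(str) + strlen(s) + 1) is the total destination size, but strncat's third parameter limits the number of characters copied from s, not the size of str. This value is always larger than strlen(s), so the call behaves exactly like the strcat it replaces and adds no protection. The buffer is already sized correctly by the realloc on the line above; the unchecked part of this hunk is that realloc's result is assigned straight to str, so on allocation failure the original buffer is leaked and the concatenation writes through NULL. Suggest assigning the realloc result to a temporary, handling the failure case, and then appending with memcpy using the two lengths already computed (or keeping strcat), rather than a strncat bound that constrains nothing.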