author | Martin Matuska <martin@matuska.de> | 2022-12-08 00:04:54 +0100 |
---|---|---|
committer | Martin Matuska <martin@matuska.de> | 2022-12-08 00:04:54 +0100 |
commit | 673d82c57ca7dd098dfd421250b0c3289825e837 (patch) | |
tree | d68a5cf38fda3d4327435b076df067531cf1c6c7 /test_utils/test_main.c | |
parent | 43e1fe8e308b601a77e5d0fa80bff8db4f3577a7 (diff) | |
download | libarchive-673d82c57ca7dd098dfd421250b0c3289825e837.tar.gz |
tests: silence more CodeQL warnings in test_utils/test_main.c
Catch one more uncaught strcpy() and strcat()
Diffstat (limited to 'test_utils/test_main.c')
-rw-r--r-- | test_utils/test_main.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/test_utils/test_main.c b/test_utils/test_main.c
index f6d99248..fd5c6da7 100644
--- a/test_utils/test_main.c
+++ b/test_utils/test_main.c
@@ -4066,6 +4066,7 @@ main(int argc, char **argv)
 {
 char *testprg;
+ int testprg_len;
 #if defined(_WIN32) && !defined(__CYGWIN__)
 /* Command.com sometimes rejects '/' separators. */
 testprg = strdup(testprogfile);
@@ -4076,10 +4077,11 @@ main(int argc, char **argv)
 testprogfile = testprg;
 #endif
 /* Quote the name that gets put into shell command lines. */
- testprg = malloc(strlen(testprogfile) + 3);
- strcpy(testprg, "\"");
- strcat(testprg, testprogfile);
- strcat(testprg, "\"");
+ testprg_len = strlen(testprogfile) + 3;
+ testprg = malloc(testprg_len);
+ strncpy(testprg, "\"", testprg_len);
+ strncat(testprg, testprogfile, testprg_len);
+ strncat(testprg, "\"", testprg_len);
 testprog = testprg;
 }
 #endif
|
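Review bot: The `testprg_len` passed to the two `strncat()` calls in the second hunk does not bound the destination, because strncat's third argument limits how many bytes are taken from the source, not how much room is left in `testprg`. The calls stay in bounds only because the buffer was sized as `strlen(testprogfile) + 3` two lines earlier, so the analyzer warning goes away without a real check being added. A single `snprintf(testprg, testprg_len, "\"%s\"", testprogfile);` would bound the write by the buffer size and always terminate the string. The `malloc()` result is also written through without a NULL check, and `testprg_len` (declared `int` in the first hunk) holds a `strlen()` result, so `size_t testprg_len;` avoids the narrowing. The body of main() extends outside both hunks and the lines between them are not shown.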