From 43e1fe8e308b601a77e5d0fa80bff8db4f3577a7 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.de>
Date: Wed, 7 Dec 2022 16:02:48 +0100
Subject: tests: silence some CodeQL warnings in test_utils/test_main.c

Use fchmod() instead of chmod() if available
Use strncpy() and strncat() instead of strcpy() and strcat()
---
 test_utils/test_main.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/test_utils/test_main.c b/test_utils/test_main.c
index 587301cf..f6d99248 100644
--- a/test_utils/test_main.c
+++ b/test_utils/test_main.c
@@ -1970,7 +1970,12 @@ assertion_make_file(const char *file, int line,
 		failure_finish(NULL);
 		return (0);
 	}
-	if (0 != chmod(path, mode)) {
+#ifdef HAVE_FCHMOD
+	if (0 != fchmod(fd, mode))
+#else
+	if (0 != chmod(path, mode))
+#endif
+	{
 		failure_start(file, line, "Could not chmod %s", path);
 		failure_finish(NULL);
 		close(fd);
@@ -3859,6 +3864,10 @@ main(int argc, char **argv)
 	static const int limit = sizeof(tests) / sizeof(tests[0]);
 	int test_set[sizeof(tests) / sizeof(tests[0])];
 	int i = 0, j = 0, tests_run = 0, tests_failed = 0, option;
+	int testprogdir_len;
+#ifdef PROGRAM	
+	int tmp2_len;
+#endif
 	time_t now;
 	char *refdir_alloc = NULL;
 	const char *progname;
@@ -3895,12 +3904,13 @@ main(int argc, char **argv)
 	 * tree.
 	 */
 	progname = p = argv[0];
-	if ((testprogdir = (char *)malloc(strlen(progname) + 1)) == NULL)
+	testprogdir_len = strlen(progname) + 1;
+	if ((testprogdir = (char *)malloc(testprogdir_len)) == NULL)
 	{
 		fprintf(stderr, "ERROR: Out of memory.");
 		exit(1);
 	}
-	strcpy(testprogdir, progname);
+	strncpy(testprogdir, progname, testprogdir_len);
 	while (*p != '\0') {
 		/* Support \ or / dir separators for Windows compat. */
 		if (*p == '/' || *p == '\\')
@@ -4042,15 +4052,15 @@ main(int argc, char **argv)
 #ifdef PROGRAM
 	if (testprogfile == NULL)
 	{
-		if ((tmp2 = (char *)malloc(strlen(testprogdir) + 1 +
-			strlen(PROGRAM) + 1)) == NULL)
+		tmp2_len = strlen(testprogdir) + 1 + strlen(PROGRAM) + 1;
+		if ((tmp2 = (char *)malloc(tmp2_len)) == NULL)
 		{
 			fprintf(stderr, "ERROR: Out of memory.");
 			exit(1);
 		}
-		strcpy(tmp2, testprogdir);
-		strcat(tmp2, "/");
-		strcat(tmp2, PROGRAM);
+		strncpy(tmp2, testprogdir, tmp2_len);
+		strncat(tmp2, "/", tmp2_len);
+		strncat(tmp2, PROGRAM, tmp2_len);
 		testprogfile = tmp2;
 	}
 
-- 
cgit v1.2.1