From 673d82c57ca7dd098dfd421250b0c3289825e837 Mon Sep 17 00:00:00 2001
From: Martin Matuska
Date: Thu, 8 Dec 2022 00:04:54 +0100
Subject: tests: silence more CodeQL warnings in test_utils/test_main.c

Catch one more uncatched strcpy() and strcat()
---
 test_utils/test_main.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/test_utils/test_main.c b/test_utils/test_main.c
index f6d99248..fd5c6da7 100644
--- a/test_utils/test_main.c
+++ b/test_utils/test_main.c
@@ -4066,6 +4066,7 @@ main(int argc, char **argv)
 {
 char *testprg;
+ int testprg_len;
 #if defined(_WIN32) && !defined(__CYGWIN__)
 /* Command.com sometimes rejects '/' separators. */
 testprg = strdup(testprogfile);
@@ -4076,10 +4077,11 @@ main(int argc, char **argv)
 testprogfile = testprg;
 #endif
 /* Quote the name that gets put into shell command lines. */
- testprg = malloc(strlen(testprogfile) + 3);
- strcpy(testprg, "\"");
- strcat(testprg, testprogfile);
- strcat(testprg, "\"");
+ testprg_len = strlen(testprogfile) + 3;
+ testprg = malloc(testprg_len);
+ strncpy(testprg, "\"", testprg_len);
+ strncat(testprg, testprogfile, testprg_len);
+ strncat(testprg, "\"", testprg_len);
 testprog = testprg;
 }
 #endif
-- 
cgit v1.2.1
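Review bot: The `strncpy`/`strncat` calls in the second hunk pass `testprg_len` as if it were the destination size, but `strncat`'s third argument only limits how many bytes are taken from the source, so these calls are bounded no more tightly than the `strcpy`/`strcat` they replace; the write stays in bounds only because the buffer was sized as `strlen(testprogfile) + 3`. A single `snprintf(testprg, testprg_len, "\"%s\"", testprogfile);` would bound the write by the real buffer size and always terminate the string. The result of `malloc` is still used without a NULL check, and `testprg_len` (declared in the first hunk) would be better as `size_t` than `int`, since it holds a `strlen` result. The comment says the name ends up in shell command lines, and wrapping it in double quotes does not neutralise quote or expansion characters inside `testprogfile`; that is presumably acceptable for a test harness given a trusted path, but a short comment stating the assumption would help. The block sits inside `main`, whose body starts and ends outside these hunks.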