These naked strcpy()s scare me

author: Rasmus Lerdorf <rasmus@php.net> 2011-08-07 00:18:38 +0000
committer: Rasmus Lerdorf <rasmus@php.net> 2011-08-07 00:18:38 +0000
commit: c70aa9436acb5f221d86c991761146b7f0bf9f8d (patch)
tree: ed69e364e8a09abcf19d321e95724df8e7696118 /ext/ereg
parent: 71af9259e3362fb1735b4b0b3d5f495f36f63285 (diff)
download: php-git-c70aa9436acb5f221d86c991761146b7f0bf9f8d.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/ereg/ereg.c b/ext/ereg/ereg.c
index 3fbaa2cc63..c2b065210a 100644
--- a/ext/ereg/ereg.c
+++ b/ext/ereg/ereg.c
@@ -474,7 +474,7 @@ PHP_EREG_API char *php_ereg_replace(const char *pattern, const char *replace, co
 			if (new_l + 1 > buf_len) {
 				buf_len = 1 + buf_len + 2 * new_l;
 				nbuf = emalloc(buf_len);
-				strcpy(nbuf, buf);
+				strncpy(nbuf, buf, buf_len-1);
 				efree(buf);
 				buf = nbuf;
 			}
@@ -511,7 +511,7 @@ PHP_EREG_API char *php_ereg_replace(const char *pattern, const char *replace, co
 				if (new_l + 1 > buf_len) {
 					buf_len = 1 + buf_len + 2 * new_l;
 					nbuf = safe_emalloc(buf_len, sizeof(char), 0);
-					strcpy(nbuf, buf);
+					strncpy(nbuf, buf, buf_len-1);
 					efree(buf);
 					buf = nbuf;
 				}
@@ -526,7 +526,7 @@ PHP_EREG_API char *php_ereg_replace(const char *pattern, const char *replace, co
 			if (new_l + 1 > buf_len) {
 				buf_len = new_l + 1; /* now we know exactly how long it is */
 				nbuf = safe_emalloc(buf_len, sizeof(char), 0);
-				strcpy(nbuf, buf);
+				strncpy(nbuf, buf, buf_len-1);
 				efree(buf);
 				buf = nbuf;
 			}
author	Rasmus Lerdorf <rasmus@php.net>	2011-08-07 00:18:38 +0000
committer	Rasmus Lerdorf <rasmus@php.net>	2011-08-07 00:18:38 +0000
commit	c70aa9436acb5f221d86c991761146b7f0bf9f8d (patch)
tree	ed69e364e8a09abcf19d321e95724df8e7696118 /ext/ereg
parent	71af9259e3362fb1735b4b0b3d5f495f36f63285 (diff)
download	php-git-c70aa9436acb5f221d86c991761146b7f0bf9f8d.tar.gz