From 64fc565765f77cc51dead0c1e78f4dac02bcd070 Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Tue, 9 Aug 2011 12:16:58 +0000
Subject: Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
---
 ext/xml/xml.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'ext/xml')
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 6788c86bc3..78237c0bb3 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -950,7 +950,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
 int newlen = Z_STRLEN_PP(myval) + decoded_len;
 Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
 Z_STRLEN_PP(myval) += decoded_len;
 efree(decoded_value);
 } else {
@@ -970,7 +970,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
 int newlen = Z_STRLEN_PP(myval) + decoded_len;
 Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
 Z_STRLEN_PP(myval) += decoded_len;
 efree(decoded_value);
 return;
--
cgit v1.2.1
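Review bot: The bound given to the new `strncpy` call in both hunks, `decoded_len + 1`, is taken from the source length rather than from the space left in the destination, so the call copies exactly what `strcpy` did and adds no overflow protection. The destination size is set only by `erealloc(..., newlen+1)` on the line above, and `newlen` is an `int` sum of `Z_STRLEN_PP(myval)` and `decoded_len` with no wraparound check visible in either hunk. A guard such as `if (decoded_len > INT_MAX - 1 - Z_STRLEN_PP(myval))` that frees `decoded_value` and skips the append before the `erealloc` would be the check that actually bounds the write. Because both lengths are already known, `memcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);` states the intent more directly and avoids `strncpy`'s stop-at-NUL and zero-padding behaviour, assuming `decoded_value` is NUL-terminated at `decoded_len` (not shown here). `_xml_characterDataHandler` starts and ends outside both hunks.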