cursor/os-compatibility: remove strcpy/strcat usage

These functions don't perform bounds checking, so they are easy to misuse and complicate audits. Signed-off-by: Simon Ser <contact@emersion.fr>
author: Simon Ser <contact@emersion.fr> 2022-06-04 22:56:36 +0200
committer: Simon Ser <contact@emersion.fr> 2022-06-04 22:58:47 +0200
commit: 0297c2c47ad7321444add0be6cb8bf68cf270aac (patch)
tree: 20305d36920adf15e2156618d59ba2c123a6b0d4 /cursor
parent: 355c8e885c559354590c1a94a9aadf7030642151 (diff)
download: wayland-0297c2c47ad7321444add0be6cb8bf68cf270aac.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/cursor/os-compatibility.c b/cursor/os-compatibility.c
index 8d51e52..9c84d68 100644
--- a/cursor/os-compatibility.c
+++ b/cursor/os-compatibility.c
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <string.h>
+#include <stdio.h>
 #include <stdlib.h>
 
 #ifdef HAVE_MEMFD_CREATE
@@ -118,6 +119,7 @@ os_create_anonymous_file(off_t size)
 	static const char template[] = "/wayland-cursor-shared-XXXXXX";
 	const char *path;
 	char *name;
+	size_t name_size;
 	int fd;
 
 #ifdef HAVE_MEMFD_CREATE
@@ -139,12 +141,12 @@ os_create_anonymous_file(off_t size)
 			return -1;
 		}
 
-		name = malloc(strlen(path) + sizeof(template));
+		name_size = strlen(path) + sizeof(template);
+		name = malloc(name_size);
 		if (!name)
 			return -1;
 
-		strcpy(name, path);
-		strcat(name, template);
+		snprintf(name, name_size, "%s%s", path, template);
 
 		fd = create_tmpfile_cloexec(name);
author	Simon Ser <contact@emersion.fr>	2022-06-04 22:56:36 +0200
committer	Simon Ser <contact@emersion.fr>	2022-06-04 22:58:47 +0200
commit	0297c2c47ad7321444add0be6cb8bf68cf270aac (patch)
tree	20305d36920adf15e2156618d59ba2c123a6b0d4 /cursor
parent	355c8e885c559354590c1a94a9aadf7030642151 (diff)
download	wayland-0297c2c47ad7321444add0be6cb8bf68cf270aac.tar.gz