Use bounds checking string functions everywhere

Replace strcpy, strcat, sprintf with strlcpy, strlcat, snprintf everywhere, even where there were already bounds checks in place, to reduce time spent checking static analysis results. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
author: Alan Coopersmith <alan.coopersmith@oracle.com> 2019-08-03 18:19:11 -0700
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2019-08-03 19:31:14 -0700
commit: 2178c7445a3464bd69637ad91a2dd0320a60e0df (patch)
tree: f8859af93eafcf4e321ab8170567070bcf00c057 /src/fontfile/fontdir.c
parent: d4c941ea8b1dc07a14efce656bff58d31a14c985 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c
index 996b7d1..2cc97b4 100644
--- a/src/fontfile/fontdir.c
+++ b/src/fontfile/fontdir.c
@@ -34,6 +34,7 @@ in this Software without prior written authorization from The Open Group.
 #include "libxfontint.h"
 #include    <X11/fonts/fntfilst.h>
 #include    <X11/keysym.h>
+#include "src/util/replace.h"
 
 #if HAVE_STDINT_H
 #include <stdint.h>
@@ -152,11 +153,11 @@ FontFileMakeDir(const char *dirName, int size)
     else
 	dir->attributes = NULL;
     strncpy(dir->directory, dirName, dirlen);
-    dir->directory[dirlen] = '\0';
-    if (dir->attributes)
-	strcpy(dir->attributes, attrib);
     if (needslash)
-	strcat(dir->directory, "/");
+	dir->directory[dirlen] = '/';
+    dir->directory[dirlen + needslash] = '\0';
+    if (dir->attributes)
+	strlcpy(dir->attributes, attrib, attriblen + 1);
     return dir;
 }
author	Alan Coopersmith <alan.coopersmith@oracle.com>	2019-08-03 18:19:11 -0700
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2019-08-03 19:31:14 -0700
commit	2178c7445a3464bd69637ad91a2dd0320a60e0df (patch)
tree	f8859af93eafcf4e321ab8170567070bcf00c057 /src/fontfile/fontdir.c
parent	d4c941ea8b1dc07a14efce656bff58d31a14c985 (diff)