From ad07330e1a39bc4469aa9c085a34750f8c505266 Mon Sep 17 00:00:00 2001
From: Pablo Barciela <scow@riseup.net>
Date: Sat, 23 Feb 2019 13:35:40 +0100
Subject: [Security] Use 'g_strlcpy' instead of 'strcpy'

to avoid warnings with Clang Analyzer
---
 libcaja-private/caja-file-operations.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'libcaja-private')

diff --git a/libcaja-private/caja-file-operations.c b/libcaja-private/caja-file-operations.c
index 51481db0..a12d730c 100644
--- a/libcaja-private/caja-file-operations.c
+++ b/libcaja-private/caja-file-operations.c
@@ -6545,10 +6545,10 @@ mark_desktop_file_trusted (CommonJob *common,
 	}
 
 	if (!g_str_has_prefix (contents, "#!")) {
-		new_length = length + strlen (TRUSTED_SHEBANG);
-		new_contents = g_malloc (new_length);
+		new_length = length + strlen (TRUSTED_SHEBANG) + 1;
+		new_contents = g_malloc0 (new_length);
 
-		strcpy (new_contents, TRUSTED_SHEBANG);
+		g_strlcpy (new_contents, TRUSTED_SHEBANG, new_length);
 		memcpy (new_contents + strlen (TRUSTED_SHEBANG),
 			contents, length);
 
-- 
cgit v1.2.1