summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorPablo Barciela <[email protected]>2019-03-20 11:15:17 +0100
committerZenWalker <[email protected]>2019-03-21 00:47:51 +0100
commitfa8a49fbd90ea36029559740ec16ff851ff933e5 (patch)
tree49c4ae332e3b3bb8864f4066895642a7e38b5065 /README
parentba0222aace9e747be536d5c37729d61de6269f34 (diff)
downloadengrampa-fa8a49fbd90ea36029559740ec16ff851ff933e5.tar.bz2
engrampa-fa8a49fbd90ea36029559740ec16ff851ff933e5.tar.xz
[Security] fr-process: avoid 'strcpy' and 'strcat'
Use 'g_strlcpy' instead of 'strcpy', and 'g_strlcat' instead of 'strcat' Fixes Clang static analyzer warnings: fr-process.c:696:5: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(rarfile, argv[2]); ^~~~~~ fr-process.c:698:5: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(rarfile, "part1.rar"); ^~~~~~ fr-process.c:705:32: warning: Out of bound memory access (accessed memory precedes memory block) rarfile[strlen(rarfile)-5]=0; ~~~~~~~~~~~~~~~~~~~~~~~~~~^~
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions