From 8eedb8b7fa80c1e6cbf67c0d9543c8e5dcb6684f Mon Sep 17 00:00:00 2001 From: Pablo Barciela Date: Sun, 17 Mar 2019 02:24:41 +0100 Subject: [Security] Use 'g_strlcpy' instead of 'strcpy' Fixes Clang static analyzer warnings: mate-rr-config.c:549:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy (output->priv->vendor, "???"); ^~~~~~ mate-desktop-item.c:2118:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy (the_exec, exec); ^~~~~~ --- libmate-desktop/mate-rr-config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libmate-desktop/mate-rr-config.c') diff --git a/libmate-desktop/mate-rr-config.c b/libmate-desktop/mate-rr-config.c index 6048db0..09d2b8f 100644 --- a/libmate-desktop/mate-rr-config.c +++ b/libmate-desktop/mate-rr-config.c @@ -546,7 +546,7 @@ mate_rr_config_load_current (MateRRConfig *config, GError **error) } else { - strcpy (output->priv->vendor, "???"); + g_strlcpy (output->priv->vendor, "???", sizeof (output->priv->vendor)); output->priv->product = 0; output->priv->serial = 0; } -- cgit v1.2.1