Improve bounds checking

No particular crashes, but replace strcpy / strncpy with snprintf
and GLib functions wherever possible.

src/libmdb/backend.c

@@ -493,23 +493,18 @@ mdb_get_index_name(int backend, MdbTableDef *table, MdbIndex *idx)
 	switch(backend){
 		case MDB_BACKEND_MYSQL:
 			// appending table name to index often makes it too long for mysql
-			index_name = malloc(strlen(idx->name)+5+1);
 			if (idx->index_type==1)
 				// for mysql name of primary key is not used
-				strcpy(index_name, "_pkey");
+				index_name = g_strdup("_pkey");
 			else {
-				strcpy(index_name, idx->name);
+				index_name = g_strdup(idx->name);
 			}
 			break;
 		default:
-			index_name = malloc(strlen(table->name)+strlen(idx->name)+5+1);
-			strcpy(index_name, table->name);
 			if (idx->index_type==1)
-				strcat(index_name, "_pkey");
+				index_name = g_strconcat(table->name, "_pkey", NULL);
 			else {
-				strcat(index_name, "_");
-				strcat(index_name, idx->name);
-				strcat(index_name, "_idx");
+				index_name = g_strconcat(table->name, "_", idx->name, "_idx", NULL);
 			}
 	}
 

src/libmdb/catalog.c

@@ -87,7 +87,7 @@ GPtrArray *mdb_read_catalog (MdbHandle *mdb, int objtype)
 	msysobj.mdb = mdb;
 	msysobj.object_type = MDB_TABLE;
 	msysobj.table_pg = 2;
-	strcpy(msysobj.object_name, "MSysObjects");
+	snprintf(msysobj.object_name, sizeof(msysobj.object_name), "%s", "MSysObjects");
 
 	/* mdb_table_dump(&msysobj); */
 
@@ -125,7 +125,7 @@ GPtrArray *mdb_read_catalog (MdbHandle *mdb, int objtype)
 			//	(atol(obj_id) & 0x00FFFFFF), type, type, obj_name);
 			entry = (MdbCatalogEntry *) g_malloc0(sizeof(MdbCatalogEntry));
 			entry->mdb = mdb;
-			strcpy(entry->object_name, obj_name);
+			snprintf(entry->object_name, sizeof(entry->object_name), "%s", obj_name);
 			entry->object_type = (type & 0x7F);
 			entry->table_pg = atol(obj_id) & 0x00FFFFFF;
 			entry->flags = atol(obj_flags);

src/libmdb/iconv.c

@@ -188,8 +188,9 @@ mdb_ascii2unicode(MdbHandle *mdb, const char *src, size_t slen, char *dest, size
 	dlen -= len_out;
 #else
 	if (IS_JET3(mdb)) {
-		dlen = MIN(len_in, len_out);
-		strncpy(out_ptr, in_ptr, dlen);
+		int count;
+		snprintf(out_ptr, len_out, "%*s%n", (int)len_in, in_ptr, &count);
+		dlen = count;
 	} else {
 		unsigned int i;
 		slen = MIN(len_in, len_out/2);

src/libmdb/props.c

@@ -123,9 +123,7 @@ mdb_read_props(MdbHandle *mdb, GPtrArray *names, gchar *kkd, int len)
 		dsize = mdb_get_int16(kkd, pos + 6);
 		if (dsize < 0 || pos + 8 + dsize > len)
 			break;
-		value = g_malloc(dsize + 1);
-		strncpy(value, &kkd[pos + 8], dsize);
-		value[dsize] = '\0';
+		value = g_strdup_printf("%*s", dsize, &kkd[pos+8]);
 		name = g_ptr_array_index(names,elem);
 		if (mdb_get_option(MDB_DEBUG_PROPS)) {
 			fprintf(stderr, "%02d ",i++);

src/libmdb/sargs.c

@@ -100,7 +100,7 @@ int mdb_test_int(MdbSargNode *node, gint32 i)
 static double poor_mans_trunc(double x)
 {
 	char buf[16];
-	sprintf(buf, "%.6f", x);
+	snprintf(buf, sizeof(buf), "%.6f", x);
 	sscanf(buf, "%lf", &x);
 	return x;
 }

src/libmdb/table.c

@@ -34,7 +34,7 @@ MdbTableDef *mdb_alloc_tabledef(MdbCatalogEntry *entry)
 
 	table = (MdbTableDef *) g_malloc0(sizeof(MdbTableDef));
 	table->entry=entry;
-	strcpy(table->name, entry->object_name);
+	snprintf(table->name, sizeof(table->name), "%s", entry->object_name);
 
 	return table;	
 }

src/libmdb/worktable.c

@@ -27,7 +27,7 @@ void
 mdb_fill_temp_col(MdbColumn *tcol, char *col_name, int col_size, int col_type, int is_fixed)
 {
 	memset(tcol,0,sizeof(MdbColumn));
-	strcpy(tcol->name, col_name);
+	snprintf(tcol->name, sizeof(tcol->name), "%s", col_name);
 	tcol->col_type = col_type;
 	if ((col_type == MDB_TEXT) || (col_type == MDB_MEMO)) {
 		tcol->col_size = col_size;
@@ -57,7 +57,7 @@ mdb_create_temp_table(MdbHandle *mdb, char *name)
 	entry->mdb = mdb;
 	entry->object_type = MDB_TABLE;
 	entry->table_pg = 0;
-	strcpy(entry->object_name, name);
+	snprintf(entry->object_name, sizeof(entry->object_name), "%s", name);
 
 	table = mdb_alloc_tabledef(entry);
 	table->columns = g_ptr_array_new();