Improve bounds checking

No particular crashes, but replace strcpy / strncpy with snprintf and GLib functions wherever possible.
2026-01-02 12:27:09 +08:00 · 2020-12-28 20:12:39 -05:00
parent 31d8bc13aa
commit 2bb31f05ee
11 changed files with 42 additions and 54 deletions
--- a/src/util/mdb-sql.c
+++ b/src/util/mdb-sql.c
@@ -78,10 +78,8 @@ int i = 0;
 			break;
 		}
 	}
-	buf = (char *) malloc(strlen(line)+1);
-	strcpy(buf,line);

-	return buf;
+	return g_strdup(line);
 }
 #endif

@@ -425,7 +423,7 @@ main(int argc, char **argv)
 			} else if (s[strlen(s)-1]=='\n')
 				s[strlen(s)-1]=0;
 		} else {
-			sprintf(prompt, "%d => ", line);
+			snprintf(prompt, sizeof(prompt), "%d => ", line);
 			s=readline(prompt);
 			if (!s)
 				break;