[Xfce4-commits] [apps/orage] 01/01: 4.11.2.8 Coverity fix 31715-31717 strcpy without length check
noreply at xfce.org
noreply at xfce.org
Thu Mar 5 11:00:36 CET 2015
This is an automated email from the git hooks/post-receive script.
juha pushed a commit to branch master
in repository apps/orage.
commit 57caa36425a744b5f08deb580325dbf389bf4bf3
Author: Juha Kautto <juha at xfce.org>
Date: Thu Mar 5 11:59:11 2015 +0200
4.11.2.8 Coverity fix 31715-31717 strcpy without length check
Added check for length to prevent overrun
---
configure.in.in | 2 +-
src/appointment.c | 16 ++++++++++------
src/ical-code.c | 6 ++++--
3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/configure.in.in b/configure.in.in
index 29b1bae..d7b17cb 100644
--- a/configure.in.in
+++ b/configure.in.in
@@ -9,7 +9,7 @@ dnl Written for Xfce by Juha Kautto <juha at xfce.org>
dnl
dnl Version information
-m4_define([orage_version], [4.11.2.7-git])
+m4_define([orage_version], [4.11.2.8-git])
m4_define([gtk_minimum_version], [2.14.0])
m4_define([xfce_minimum_version], [4.8.0])
diff --git a/src/appointment.c b/src/appointment.c
index 965e685..8413813 100644
--- a/src/appointment.c
+++ b/src/appointment.c
@@ -1472,18 +1472,20 @@ static xfical_exception *new_exception(char *text)
but if this fails (=return NULL) we may have date from somewhere
else */
if ((char *)strptime(text, "%x %R", &tm_time) == NULL)
- strcpy(recur_exception->time, orage_i18_date_to_icaldate(text));
+ strncpy(recur_exception->time, orage_i18_date_to_icaldate(text), 16);
else
- strcpy(recur_exception->time, orage_i18_time_to_icaltime(text));
+ strncpy(recur_exception->time, orage_i18_time_to_icaltime(text), 16);
+ recur_exception->time[16] = '\0';
#else
/* we should not have date-times as we are using internal libical,
which only uses dates, but if this returns non null, we may have
datetime from somewhere else */
tmp = (char *)strptime(text, "%x", &tm_time);
if (ORAGE_STR_EXISTS(tmp))
- strcpy(recur_exception->time, orage_i18_time_to_icaltime(text));
+ strncpy(recur_exception->time, orage_i18_time_to_icaltime(text), 16);
else
- strcpy(recur_exception->time, orage_i18_date_to_icaldate(text));
+ strncpy(recur_exception->time, orage_i18_date_to_icaldate(text), 16);
+ recur_exception->time[16] = '\0';
#endif
}
text[i-2] = ' ';
@@ -1546,8 +1548,10 @@ static gboolean add_recur_exception_row(char *p_time, char *p_type
strcpy(tmp_type, "-");
else if (!strcmp(p_type, "RDATE"))
strcpy(tmp_type, "+");
- else
- strcpy(tmp_type, p_type);
+ else {
+ strncpy(tmp_type, p_type, 1);
+ tmp_type[1] = '\0';
+ }
text = g_strdup_printf("%s %s", p_time, tmp_type);
/* Then, let's keep the GList updated */
diff --git a/src/ical-code.c b/src/ical-code.c
index 8f7c986..661fbf7 100644
--- a/src/ical-code.c
+++ b/src/ical-code.c
@@ -3835,8 +3835,10 @@ static void add_appt_to_list(icalcomponent *c, icaltime_span *span , void *data)
edate = icaltime_convert_to_zone(edate, local_icaltimezone);
- strcpy(appt->starttimecur, icaltime_as_ical_string(sdate));
- strcpy(appt->endtimecur, icaltime_as_ical_string(edate));
+ strncpy(appt->starttimecur, icaltime_as_ical_string(sdate), 16);
+ appt->starttimecur[16] = '\0';
+ strncpy(appt->endtimecur, icaltime_as_ical_string(edate), 16);
+ appt->endtimecur[16] = '\0';
/*
*/
/* Need to check that returned value is withing limits.
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Xfce4-commits
mailing list