diff options
author | Tor Andersson <tor.andersson@artifex.com> | 2013-02-19 16:18:38 +0100 |
---|---|---|
committer | Tor Andersson <tor.andersson@artifex.com> | 2013-02-19 18:46:40 +0100 |
commit | 68169ec2511425d018c03a997f95ebfe043e41f9 (patch) | |
tree | 3c429e02ff9b816d09177b11491e6fbe3c253f95 | |
parent | 9cc9978a7260d201137459a65601e35dce1d444e (diff) | |
download | mupdf-68169ec2511425d018c03a997f95ebfe043e41f9.tar.xz |
Bug 693639: Use strlcpy instead of strncpy!
strncpy is *not* the correct function to use. It does not null terminate,
and it needlessly zeroes past the end. It was designed for fixed length
database records, not strings. Use fz_strlcpy and strlcat instead.
-rw-r--r-- | apps/pdfapp.c | 2 | ||||
-rw-r--r-- | apps/win_main.c | 2 | ||||
-rw-r--r-- | pdf/pdf_xref.c | 3 |
3 files changed, 3 insertions, 4 deletions
diff --git a/apps/pdfapp.c b/apps/pdfapp.c index 40b57e1a..bc0c3188 100644 --- a/apps/pdfapp.c +++ b/apps/pdfapp.c @@ -342,7 +342,7 @@ static int pdfapp_save(pdfapp_t *app) if (written) { char buf2[PATH_MAX]; - strncpy(buf2, app->docpath, PATH_MAX); + fz_strlcpy(buf2, app->docpath, PATH_MAX); pdfapp_close(app); winreplacefile(buf, buf2); pdfapp_open(app, buf2, 1); diff --git a/apps/win_main.c b/apps/win_main.c index 18c110eb..70021399 100644 --- a/apps/win_main.c +++ b/apps/win_main.c @@ -396,7 +396,7 @@ char *wintextinput(pdfapp_t *app, char *inittext, int retry) { int code; td_retry = retry; - strncpy(td_textinput, inittext?inittext:"", sizeof(td_textinput)); + fz_strlcpy(td_textinput, inittext ? inittext : "", sizeof td_textinput); code = DialogBoxW(NULL, L"IDD_DLOGTEXT", hwndframe, dlogtextproc); if (code <= 0) winerror(app, "cannot create text input dialog"); diff --git a/pdf/pdf_xref.c b/pdf/pdf_xref.c index c94ad85e..7914876e 100644 --- a/pdf/pdf_xref.c +++ b/pdf/pdf_xref.c @@ -1301,8 +1301,7 @@ pdf_meta(pdf_document *doc, int key, void *ptr, int size) if (info && ptr && size) { char *utf8 = pdf_to_utf8(doc, info); - strncpy(ptr, utf8, size); - ((char *)ptr)[size-1] = 0; + fz_strlcpy(ptr, utf8, size); fz_free(doc->ctx, utf8); } return 1; |