From b3a183fceb2a003de6ff38d99ef3849b2a462c32 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Tue, 13 Oct 2015 19:30:17 +0200 Subject: [PATCH] Made sure that mangling name buffer of 40 bytes cannot overflow. Coverity CID 12589. --- libisofs/ecma119_tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libisofs/ecma119_tree.c b/libisofs/ecma119_tree.c index cf4fb5d..bc9e8fc 100644 --- a/libisofs/ecma119_tree.c +++ b/libisofs/ecma119_tree.c @@ -654,6 +654,7 @@ int mangle_single_dir(Ecma119Image *img, Ecma119Node *dir, int max_file_len, for (i = 0; i < nchildren; ++i) { char *name, *ext; char full_name[40]; + const int full_max_len = 40 - 1; int max; /* computed max len for name, without extension */ int j = i; int digits = 1; /* characters to change per name */ @@ -692,7 +693,8 @@ int mangle_single_dir(Ecma119Image *img, Ecma119Node *dir, int max_file_len, int change = 0; /* number to be written */ /* copy name to buffer */ - strcpy(full_name, children[i]->iso_name); + strncpy(full_name, children[i]->iso_name, full_max_len); + full_name[full_max_len] = 0; /* compute name and extension */ dot = strrchr(full_name, '.');