X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2FlibFLAC%2Fmetadata_iterators.c;h=bc3823eee8ad036ddfd14d43b4b32fb25ce0d2e9;hb=2d6354ff2a618a79d40edbd4f208b4b07c5422f1;hp=d2a229a1ebc9e689b995d8cff6b19b990a719367;hpb=15a011c43daa06d452f91cbf386d9daf93d568df;p=platform%2Fupstream%2Fflac.git

diff --git a/src/libFLAC/metadata_iterators.c b/src/libFLAC/metadata_iterators.c
index d2a229a..bc3823e 100644
--- a/src/libFLAC/metadata_iterators.c
+++ b/src/libFLAC/metadata_iterators.c
@@ -47,6 +47,7 @@
 #include "share/alloc.h"
 #include "share/compat.h"
 #include "share/macros.h"
+#include "share/safe_str.h"
 #include "private/macros.h"
 #include "private/memory.h"
 
@@ -3198,28 +3199,32 @@ FLAC__bool open_tempfile_(const char *filename, const char *tempfile_path_prefix
 {
 	static const char *tempfile_suffix = ".metadata_edit";
 	if(0 == tempfile_path_prefix) {
-		if(0 == (*tempfilename = safe_malloc_add_3op_(strlen(filename), /*+*/strlen(tempfile_suffix), /*+*/1))) {
+		size_t dest_len = strlen(filename) + strlen(tempfile_suffix) + 1;
+		if(0 == (*tempfilename = safe_malloc_(dest_len))) {
 			*status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
 			return false;
 		}
-		strcpy(*tempfilename, filename);
-		strcat(*tempfilename, tempfile_suffix);
+		safe_strncpy(*tempfilename, filename, dest_len);
+		safe_strncat(*tempfilename, tempfile_suffix, dest_len);
 	}
 	else {
 		const char *p = strrchr(filename, '/');
+		size_t dest_len;
 		if(0 == p)
 			p = filename;
 		else
 			p++;
 
-		if(0 == (*tempfilename = safe_malloc_add_4op_(strlen(tempfile_path_prefix), /*+*/strlen(p), /*+*/strlen(tempfile_suffix), /*+*/2))) {
+		dest_len = strlen(tempfile_path_prefix) + strlen(p) + strlen(tempfile_suffix) + 2;
+
+		if(0 == (*tempfilename = safe_malloc_(dest_len))) {
 			*status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
 			return false;
 		}
-		strcpy(*tempfilename, tempfile_path_prefix);
-		strcat(*tempfilename, "/");
-		strcat(*tempfilename, p);
-		strcat(*tempfilename, tempfile_suffix);
+		safe_strncpy(*tempfilename, tempfile_path_prefix, dest_len);
+		safe_strncat(*tempfilename, "/", dest_len);
+		safe_strncat(*tempfilename, p, dest_len);
+		safe_strncat(*tempfilename, tempfile_suffix, dest_len);
 	}
 
 	if(0 == (*tempfile = fopen(*tempfilename, "w+b"))) {