cursor/os-compatibility: remove strcpy/strcat usage
authorSimon Ser <contact@emersion.fr>
Sat, 4 Jun 2022 20:56:36 +0000 (22:56 +0200)
committerSimon Ser <contact@emersion.fr>
Sat, 4 Jun 2022 20:58:47 +0000 (22:58 +0200)
These functions don't perform bounds checking, so they are easy to
misuse and complicate audits.

Signed-off-by: Simon Ser <contact@emersion.fr>
cursor/os-compatibility.c

index 8d51e52..9c84d68 100644 (file)
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <string.h>
+#include <stdio.h>
 #include <stdlib.h>
 
 #ifdef HAVE_MEMFD_CREATE
@@ -118,6 +119,7 @@ os_create_anonymous_file(off_t size)
        static const char template[] = "/wayland-cursor-shared-XXXXXX";
        const char *path;
        char *name;
+       size_t name_size;
        int fd;
 
 #ifdef HAVE_MEMFD_CREATE
@@ -139,12 +141,12 @@ os_create_anonymous_file(off_t size)
                        return -1;
                }
 
-               name = malloc(strlen(path) + sizeof(template));
+               name_size = strlen(path) + sizeof(template);
+               name = malloc(name_size);
                if (!name)
                        return -1;
 
-               strcpy(name, path);
-               strcat(name, template);
+               snprintf(name, name_size, "%s%s", path, template);
 
                fd = create_tmpfile_cloexec(name);
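Review bot: The new `snprintf(name, name_size, "%s%s", path, template);` discards its return value, so an untruncated name depends entirely on `name_size = strlen(path) + sizeof(template);` being exact, and nothing in the code states that invariant. It holds because `sizeof(template)` counts the terminating NUL of the array, but an auditor has to work that out, which undercuts the commit's stated aim of simplifying audits. I would add a comment above the sizing line such as `/* sizeof(template) includes the NUL terminator, so name_size is exactly strlen(path) + strlen(template) + 1 */`. If a runtime guard is preferred, the call's result can be compared against `name_size`, with `name` freed before returning -1 on a mismatch. The body of os_create_anonymous_file starts and continues outside this hunk, so where `path` comes from and how `name` is released are not visible here.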