shm: Use snprintf() instead of vulnerable strcat() 14/278114/1
authorSeunghun Lee <shiin.lee@samsung.com>
Wed, 13 Jul 2022 04:42:09 +0000 (13:42 +0900)
committerSooChan Lim <sc1.lim@samsung.com>
Mon, 18 Jul 2022 05:09:04 +0000 (14:09 +0900)
Change-Id: I0c7a2dd640993387dcaf1bf8f1db0eae593b4030

src/util/shm.c

index 4abd229..4c94b79 100644 (file)
@@ -25,6 +25,7 @@
 
 #define _POSIX_C_SOURCE 200809L
 #include <stdbool.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <string.h>
@@ -119,6 +120,7 @@ allocate_shm_file(off_t size)
        static const char template[] = "/weston-shared-XXXXXX";
        const char *path;
        char *name;
+       size_t name_size;
        int fd;
        int ret;
 
@@ -141,12 +143,12 @@ allocate_shm_file(off_t size)
                        return -1;
                }
 
-               name = malloc(strlen(path) + sizeof(template));
+               name_size = strlen(path) + sizeof(template);
+               name = malloc(name_size);
                if (!name)
                        return -1;
 
-               strcpy(name, path);
-               strcat(name, template);
+               snprintf(name, name_size, "%s%s", path, template);
 
                fd = create_tmpfile_cloexec(name);
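Review bot: The snprintf() call added in the last hunk ignores its return value, so a truncated or failed format would go unnoticed and `name` could reach create_tmpfile_cloexec() without the full `XXXXXX` suffix. With `name_size = strlen(path) + sizeof(template)` the buffer is exactly large enough today, so this guards against later changes to the sizing rather than a live overflow; the removed strcpy()/strcat() pair wrote into the same correctly sized buffer. I would capture the result in the existing `ret` and bail out: `ret = snprintf(name, name_size, "%s%s", path, template);` followed by `if (ret < 0 || (size_t)ret >= name_size) { free(name); return -1; }`. allocate_shm_file() starts and ends outside the hunk, so whether `ret` is free for reuse at this point should be confirmed against the full function.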