Secure coding related to the buffer length - strncat
authorShinwoo Kim <cinoo.kim@samsung.com>
Fri, 11 Sep 2015 10:43:46 +0000 (19:43 +0900)
committerTomasz Olszak <t.olszak@samsung.com>
Fri, 11 Sep 2015 12:50:59 +0000 (21:50 +0900)
Change-Id: I1ecca27a29bffcb4f370daa8f2251d211f258011

src/screen_reader_spi.c

index 90449f7..b577c0b 100644 (file)
@@ -96,7 +96,7 @@ char *generate_description_for_subtree(AtspiAccessible * obj)
                if (name && strncmp(name, "\0", 1)) {
                        strncat(ret, name, sizeof(ret) - strlen(ret) - 1);
                }
-               strncat(ret, " ", 1);
+               strncat(ret, " ", sizeof(ret) - strlen(ret) - 1);
                below = generate_description_for_subtree(child);
                if (strncmp(below, "\0", 1)) {
                        strncat(ret, below, sizeof(ret) - strlen(ret) - 1);
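Review bot: The bound `sizeof(ret) - strlen(ret) - 1` is the remaining space only if `ret` is a char array declared in this function; its declaration is outside the hunk, and the function returns `char *`. If `ret` is a pointer, `sizeof(ret)` is the pointer size, and the unsigned subtraction wraps to a very large count once the string is longer than that, leaving strncat effectively unbounded. Once the declaration is confirmed, a comment next to it such as `/* ret is a fixed-size array: sizeof(ret) is its capacity */` would record the assumption, or the space could be computed once, as in `size_t room = sizeof(ret) - strlen(ret) - 1;`. The same expression is relied on in both hunks of spi_on_state_changed_get_text.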
@@ -134,7 +134,7 @@ static char *spi_on_state_changed_get_text(AtspiEvent * event, void *user_data)
 
        if (names) {
                strncat(ret, names, sizeof(ret) - strlen(ret) - 1);
-               strncat(ret, ", ", 2);
+               strncat(ret, ", ", sizeof(ret) - strlen(ret) - 1);
        }
 
        if (role_name)
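Review bot: The `", "` separator after `names` is appended whenever `names` is non-NULL, including when it is an empty string, so the text can begin with a stray separator. The description branch further down in the same function guards its separator with an emptiness test, and this branch could do the same with `if (names && names[0] != '\0') {`. The function body starts and ends outside this hunk, so whether an empty `names` can actually reach this point is not visible here.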
@@ -142,7 +142,7 @@ static char *spi_on_state_changed_get_text(AtspiEvent * event, void *user_data)
 
        if (description) {
                if (strncmp(description, "\0", 1))
-                       strncat(ret, ", ", 2);
+                       strncat(ret, ", ", sizeof(ret) - strlen(ret) - 1);
                strncat(ret, description, sizeof(ret) - strlen(ret) - 1);
        }