fix build warnings

  - warning: specified bound depends on the length of the
    source argument
  - using source argument's length in strncat, strncpy
    can cause string overflow
  - so instead of use source length, to use snprintf

Change-Id: Ica4ece26165670ac968725d8a69a3431e9d9aa5a

diff --git a/src/lib/pepper/utils-file.c b/src/lib/pepper/utils-file.c
index 2fe9272..50f0929 100644 (file)
--- a/src/lib/pepper/utils-file.c
+++ b/src/lib/pepper/utils-file.c
@@ -33,6 +33,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <linux/limits.h>
+#include <stdio.h>
 
 static int
 set_cloexec_or_close(int fd)
@@ -110,8 +111,7 @@ pepper_create_anonymous_file(off_t size)
                return -1;
        }
 
-       strncpy(name, path, strlen(path) + 1);
-       strncat(name, template, sizeof(template));
+       snprintf(name, strlen(path) + sizeof(template), "%s%s", path, template);
 
        free(path);
        path = NULL;

diff --git a/src/samples/sample-client.c b/src/samples/sample-client.c
index 144b475..0a6f51a 100644 (file)
--- a/src/samples/sample-client.c
+++ b/src/samples/sample-client.c
@@ -222,8 +222,7 @@ os_create_anonymous_file(off_t size)
        if (!name)
                return -1;
 
-       strncpy(name, path, strlen(path) + 1);
-       strncat(name, template, sizeof(template));
+       snprintf(name, strlen(path) + sizeof(template), "%s%s", path, template);
 
        fd = create_tmpfile_cloexec(name);