From b403f9e0dc4417ee545b15b2ff559eb69c76828a Mon Sep 17 00:00:00 2001
From: Seunghun Lee
Date: Wed, 13 Jul 2022 13:42:09 +0900
Subject: [PATCH] shm: Use snprintf() instead of vulnerable strcat()

Change-Id: I0c7a2dd640993387dcaf1bf8f1db0eae593b4030
---
 src/util/shm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/util/shm.c b/src/util/shm.c
index 4abd229..4c94b79 100644
--- a/src/util/shm.c
+++ b/src/util/shm.c
@@ -25,6 +25,7 @@
 #define _POSIX_C_SOURCE 200809L
 #include
+#include
 #include
 #include
 #include
@@ -119,6 +120,7 @@ allocate_shm_file(off_t size)
 static const char template[] = "/weston-shared-XXXXXX";
 const char *path;
 char *name;
+ size_t name_size;
 int fd;
 int ret;
@@ -141,12 +143,12 @@ allocate_shm_file(off_t size)
 return -1;
 }
- name = malloc(strlen(path) + sizeof(template));
+ name_size = strlen(path) + sizeof(template);
+ name = malloc(name_size);
 if (!name)
 return -1;
- strcpy(name, path);
- strcat(name, template);
+ snprintf(name, name_size, "%s%s", path, template);
 fd = create_tmpfile_cloexec(name);
-- 
2.7.4
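Review bot: The return value of the new `snprintf()` call in the third hunk is discarded, so an encoding error or a truncated name would be passed on to `create_tmpfile_cloexec(name)` unnoticed. With the sizing shown, `name_size = strlen(path) + sizeof(template)` already counts the terminating NUL, so truncation cannot occur today and the removed `strcpy()`/`strcat()` pair was not overflowing this buffer either. The check is still cheap insurance should the size computation or the format string change later. The `int ret` visible in the second hunk looks reusable here: `ret = snprintf(name, name_size, "%s%s", path, template);` followed by `if (ret < 0 || (size_t)ret >= name_size) { free(name); return -1; }`. The body of `allocate_shm_file()` starts before and continues after these hunks, so how `ret` is used later should be confirmed against the full function.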