diff options
| author | Rasmus Lerdorf <rasmus@php.net> | 2011-08-07 00:18:38 +0000 |
|---|---|---|
| committer | Rasmus Lerdorf <rasmus@php.net> | 2011-08-07 00:18:38 +0000 |
| commit | 5a448d23b26bd07c58eb6dd28ce376b31b339ba0 (patch) | |
| tree | aef19aad72c9bf1c9116554c7de68576249447ac | |
| parent | e2315d295a10346d30e99d92d04bfca09513245c (diff) | |
| download | php-git-5a448d23b26bd07c58eb6dd28ce376b31b339ba0.tar.gz | |
These naked strcpy()s scare me
| -rw-r--r-- | ext/ereg/ereg.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/ereg/ereg.c b/ext/ereg/ereg.c index 3fbaa2cc63..c2b065210a 100644 --- a/ext/ereg/ereg.c +++ b/ext/ereg/ereg.c @@ -474,7 +474,7 @@ PHP_EREG_API char *php_ereg_replace(const char *pattern, const char *replace, co if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = emalloc(buf_len); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -511,7 +511,7 @@ PHP_EREG_API char *php_ereg_replace(const char *pattern, const char *replace, co if (new_l + 1 > buf_len) { buf_len = 1 + buf_len + 2 * new_l; nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } @@ -526,7 +526,7 @@ PHP_EREG_API char *php_ereg_replace(const char *pattern, const char *replace, co if (new_l + 1 > buf_len) { buf_len = new_l + 1; /* now we know exactly how long it is */ nbuf = safe_emalloc(buf_len, sizeof(char), 0); - strcpy(nbuf, buf); + strncpy(nbuf, buf, buf_len-1); efree(buf); buf = nbuf; } |