From ca1a5ea845c283a9c84fd2ae9f6d152cca354183 Mon Sep 17 00:00:00 2001 From: Neil Date: Sun, 22 Dec 2013 18:00:45 +1100 Subject: Avoid unsafe strcpy, strncpy, and strcat replacing with safer functions which guaranty termination where possible. --- lexlib/PropSetSimple.cxx | 2 +- lexlib/StringCopy.h | 33 +++++++++++++++++++++++++++++++++ lexlib/WordList.cxx | 5 +++-- 3 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 lexlib/StringCopy.h (limited to 'lexlib') diff --git a/lexlib/PropSetSimple.cxx b/lexlib/PropSetSimple.cxx index 6792eea15..6f4553a07 100644 --- a/lexlib/PropSetSimple.cxx +++ b/lexlib/PropSetSimple.cxx @@ -146,7 +146,7 @@ int PropSetSimple::GetExpanded(const char *key, char *result) const { ExpandAllInPlace(*this, val, 100, VarChain(key)); const int n = static_cast(val.size()); if (result) { - strcpy(result, val.c_str()); + memcpy(result, val.c_str(), n+1); } return n; // Not including NUL } diff --git a/lexlib/StringCopy.h b/lexlib/StringCopy.h new file mode 100644 index 000000000..caca49911 --- /dev/null +++ b/lexlib/StringCopy.h @@ -0,0 +1,33 @@ +// Scintilla source code edit control +/** @file StringCopy.h + ** Safe string copy function which always NUL terminates. + **/ +// Copyright 2013 by Neil Hodgson +// The License.txt file describes the conditions under which this software may be distributed. + +#ifndef STRINGCOPY_H +#define STRINGCOPY_H + +#ifdef SCI_NAMESPACE +namespace Scintilla { +#endif + +// Safer version of string copy functions like strcpy, wcsncpy, etc. +// Instantiate over fixed length strings of both char and wchar_t. +// May truncate if source doesn't fit into dest with room for NUL. + +template +void StringCopy(T (&dest)[count], const T* source) { + for (size_t i=0; i