From 68f8f0830e9c70bcbce0f340eb38ecd5a6a9305a Mon Sep 17 00:00:00 2001
From: Enno Rehling
Date: Fri, 30 Oct 2015 11:45:20 +0100
Subject: [PATCH] CID 22561: Copy into fixed size buffer (STRING_OVERFLOW)

---
 src/reports.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/reports.c b/src/reports.c
index ae965c938..792f8c7fb 100644
--- a/src/reports.c
+++ b/src/reports.c
@@ -1773,7 +1773,10 @@ const char *trailinto(const region * r, const struct locale *lang)
 const char *s;
 if (r) {
 const char *tname = terrain_name(r);
- strcat(strcpy(ref, tname), "_trail");
+ size_t sz;
+
+ sz = strlcpy(ref, tname, sizeof(ref));
+ sz += strlcat(ref+sz, "_trail", sizeof(ref)-sz);
 s = LOC(lang, ref);
 if (s && *s) {
 if (strstr(s, "%s"))
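Review bot: The second added call, `strlcat(ref+sz, "_trail", sizeof(ref)-sz)`, trusts `sz` to lie inside the buffer, but under the usual BSD contract strlcpy returns the full length of `tname`, not the number of bytes it stored. If terrain_name() ever returns a name longer than `sizeof(ref)`, `ref+sz` points past the array and `sizeof(ref)-sz` wraps to a huge size_t, so the overflow this commit is meant to close can recur through strlcat. Appending from the start of the buffer avoids the arithmetic: keep `sz = strlcpy(ref, tname, sizeof(ref));`, then `if (sz < sizeof(ref)) sz = strlcat(ref, "_trail", sizeof(ref));`, and skip the LOC() lookup when `sz >= sizeof(ref)` so a truncated key is never looked up. The declaration of `ref` and the end of trailinto() are outside the hunk, so this assumes `ref` is a char array and that the project's strlcpy follows the BSD return convention.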