Marc
/
server
forked from github/server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

CID 26259: Memory - corruptions 

I apparently don't know how strncat works.
This commit is contained in:
Enno Rehling 2015-10-29 16:36:20 +01:00
parent 59069ae342
commit b7dce8071c
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/study.c
View File

@ -41,6 +41,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
/* util includes */ /* util includes */
#include <util/attrib.h> #include <util/attrib.h>
#include <util/base36.h> #include <util/base36.h>
#include <util/bsdstring.h>
#include <util/language.h> #include <util/language.h>
#include <util/log.h> #include <util/log.h>
#include <util/parser.h> #include <util/parser.h>
@ -374,6 +375,7 @@ int teach_cmd(unit * u, struct order *ord)
#endif #endif
{ {
char zOrder[4096]; char zOrder[4096];
size_t sz = sizeof(zOrder);
order *new_order; order *new_order;
zOrder[0] = '\0'; zOrder[0] = '\0';
@ -425,9 +427,11 @@ int teach_cmd(unit * u, struct order *ord)
/* Neuen Befehl zusammenbauen. TEMP-Einheiten werden automatisch in /* Neuen Befehl zusammenbauen. TEMP-Einheiten werden automatisch in
* ihre neuen Nummern uebersetzt. */ * ihre neuen Nummern uebersetzt. */
if (zOrder[0]) if (zOrder[0]) {
strncat(zOrder, " ", sizeof(zOrder)); strncat(zOrder, " ", sz - 1);
strncat(zOrder, unitid(u2), sizeof(zOrder)); --sz;
}
sz -= strlcpy(zOrder + 4096 - sz, unitid(u2), sz);
if (getkeyword(u2->thisorder) != K_STUDY) { if (getkeyword(u2->thisorder) != K_STUDY) {
ADDMSG(&u->faction->msgs, ADDMSG(&u->faction->msgs,