Avoiding strcpy, strcat, sprintf usage to make static analyzer happy

diff --git a/ext/ereg/regex/regerror.c b/ext/ereg/regex/regerror.c
index f8c3ca3538f1374cf85832c6f9c7b14aae8eb009..05737a462ce3d8436a11a578958faf24e22833ca 100644 (file)
--- a/ext/ereg/regex/regerror.c
+++ b/ext/ereg/regex/regerror.c
@@ -74,7 +74,7 @@ size_t errbuf_size)
        char convbuf[50];
 
        if (errcode == REG_ATOI)
-               s = regatoi(preg, convbuf);
+               s = regatoi(preg, convbuf, sizeof(convbuf));
        else {
                for (r = rerrs; r->code >= 0; r++)
                        if (r->code == target)
@@ -84,7 +84,7 @@ size_t errbuf_size)
                        if (r->code >= 0)
                                (void) strncpy(convbuf, r->name, 50);
                        else
-                               sprintf(convbuf, "REG_0x%x", target);
+                               snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
                        assert(strlen(convbuf) < sizeof(convbuf));
                        s = convbuf;
                } else
@@ -106,12 +106,13 @@ size_t errbuf_size)
 
 /*
  - regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
  */
 static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
 const regex_t *preg;
 char *localbuf;
+int bufsize;
 {
        register const struct rerr *r;
 
@@ -121,6 +122,6 @@ char *localbuf;
        if (r->code < 0)
                return("0");
 
-       sprintf(localbuf, "%d", r->code);
+       snprintf(localbuf, bufsize, "%d", r->code);
        return(localbuf);
 }

diff --git a/ext/ereg/regex/regerror.ih b/ext/ereg/regex/regerror.ih
index 2cb668c24f07e246c43e054f722b7b3da6c94ce7..5ff158e57db480a6e58fed5f270920b5c5aab761 100644 (file)
--- a/ext/ereg/regex/regerror.ih
+++ b/ext/ereg/regex/regerror.ih
@@ -4,7 +4,7 @@ extern "C" {
 #endif
 
 /* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
 
 #ifdef __cplusplus
 }

diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 181a4d4931e5fd6c1c7479de5a6c55454bd9b169..46dbc78b9da724f9fa29e6324ba1f909268cc342 100644 (file)
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -170,10 +170,10 @@ PHP_FUNCTION(crypt)
        /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
        if (!*salt) {
 #if PHP_MD5_CRYPT
-               strcpy(salt, "$1$");
+               strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
                php_to64(&salt[3], PHP_CRYPT_RAND, 4);
                php_to64(&salt[7], PHP_CRYPT_RAND, 4);
-               strcpy(&salt[11], "$");
+               strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
 #elif PHP_STD_DES_CRYPT
                php_to64(&salt[0], PHP_CRYPT_RAND, 2);
                salt[2] = '\0';

diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 8769a3d296ad3bbf6889078b50896269320e750f..a7a708b1b28297be8c1bde75504ad55fa80cedb5 100644 (file)
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -330,7 +330,7 @@ finish:
                                scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
                                scratch = emalloc(scratch_len);
                                strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
-                               strcat(scratch, " ");
+                               strncat(scratch, " ", 1);
                        }
                }
        }
@@ -344,7 +344,7 @@ finish:
        if (!scratch) {
                scratch_len = strlen(path) + 29 + protocol_version_len;
                scratch = emalloc(scratch_len);
-               strcpy(scratch, "GET ");
+               strncpy(scratch, "GET ", scratch_len);
        }
 
        /* Should we send the entire path in the request line, default to no. */

diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 13b38555271753370457c6ba40eda09155f1989e..7bb003207f96ab4d6b8a32c91907bff395ce756f 100644 (file)
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -183,8 +183,8 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
 
                                l = string_length + el_len + 1;
                                memcpy(p, string_key, string_length);
-                               strcat(p, "=");
-                               strcat(p, data);
+                               strncat(p, "=", 1);
+                               strncat(p, data, el_len);
 
 #ifndef PHP_WIN32
                                *ep = p;

diff --git a/ext/standard/user_filters.c b/ext/standard/user_filters.c
index 679f3e6bb69b6c0fe215c245456df0873366d117..76668c1497f75d2c9b736bcd4a6a4878fd39e469 100644 (file)
--- a/ext/standard/user_filters.c
+++ b/ext/standard/user_filters.c
@@ -311,7 +311,7 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
                        period = wildcard + (period - filtername);
                        while (period) {
                                *period = '\0';
-                               strcat(wildcard, ".*");
+                               strncat(wildcard, ".*", 2);
                                if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
                                        period = NULL;
                                } else {

diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index af9e9c9b8e10d39647175dbab0b2f6f2dd2c4443..85b4fbf203073708ce854076294d50b63d72d466 100644 (file)
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -1050,7 +1050,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
                                        if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
                                                int newlen = Z_STRLEN_PP(myval) + decoded_len;
                                                Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-                                               strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+                                               strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
                                                Z_STRLEN_PP(myval) += decoded_len;
                                                efree(decoded_value);
                                        } else {
@@ -1070,7 +1070,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
                                                                if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
                                                                        int newlen = Z_STRLEN_PP(myval) + decoded_len;
                                                                        Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-                                                                       strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+                                                                       strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
                                                                        Z_STRLEN_PP(myval) += decoded_len;
                                                                        efree(decoded_value);
                                                                        return;

diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 5d57886e671f7ff1419b1ed45fce7459d930a3d7..07441abd829a3fd93cab98037c2ede7fb43ceb95 100644 (file)
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -463,7 +463,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 #endif
        if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
                IS_ABSOLUTE_PATH(PG(doc_root), length)) {
-               filename = emalloc(length + strlen(path_info) + 2);
+               int path_len = strlen(path_info);
+               filename = emalloc(length + path_len + 2);
                if (filename) {
                        memcpy(filename, PG(doc_root), length);
                        if (!IS_SLASH(filename[length - 1])) {  /* length is never 0 */
@@ -472,7 +473,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
                        if (IS_SLASH(path_info[0])) {
                                length--;
                        }
-                       strcpy(filename + length, path_info);
+                       strncpy(filename + length, path_len + 1);
                }
        } else {
                filename = SG(request_info).path_translated;

diff --git a/main/streams/filter.c b/main/streams/filter.c
index 623c66f96da30b213ada8297ddf3f3da168c6bfa..99293259e73fd4473530e7f59ff16dc6889eb804 100644 (file)
--- a/main/streams/filter.c
+++ b/main/streams/filter.c
@@ -270,7 +270,7 @@ PHPAPI php_stream_filter *php_stream_filter_create(const char *filtername, zval
                period = wildname + (period - filtername);
                while (period && !filter) {
                        *period = '\0';
-                       strcat(wildname, ".*");
+                       strncat(wildname, ".*", 2);
                        if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
                                filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
                        }