Avoid strcpy() usage

diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re
index 92411f8075464d82f4497c7093f02d28589319fa..a2a22e751791f35e5af654e3fbbadc59674fd417 100644 (file)
--- a/ext/pdo/pdo_sql_parser.re
+++ b/ext/pdo/pdo_sql_parser.re
@@ -213,7 +213,7 @@ safe:
                                                                param->param_type TSRMLS_CC)) {
                                                        /* bork */
                                                        ret = -1;
-                                                       strcpy(stmt->error_code, stmt->dbh->error_code);
+                                                       strncpy(stmt->error_code, stmt->dbh->error_code, 6);
                                                        if (buf) {
                                                                efree(buf);
                                                        }
@@ -254,7 +254,7 @@ safe:
                                                                        param->param_type TSRMLS_CC)) {
                                                                /* bork */
                                                                ret = -1;
-                                                               strcpy(stmt->error_code, stmt->dbh->error_code);
+                                                               strncpy(stmt->error_code, stmt->dbh->error_code, 6);
                                                                goto clean_up;
                                                        }
                                                        plc->freeq = 1;

diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
index 71768a31b1fe024cdc782fd9aeef37514acbd690..0b19e2a9068d19a14aed69078cfd9a5438906484 100644 (file)
--- a/ext/pdo_sqlite/sqlite_driver.c
+++ b/ext/pdo_sqlite/sqlite_driver.c
@@ -47,33 +47,33 @@ int _pdo_sqlite_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, const char *file, int li
                }
                einfo->errmsg = pestrdup((char*)sqlite3_errmsg(H->db), dbh->is_persistent);
        } else { /* no error */
-               strcpy(*pdo_err, PDO_ERR_NONE);
+               strncpy(*pdo_err, PDO_ERR_NONE, sizeof(PDO_ERR_NONE));
                return 0;
        }
        switch (einfo->errcode) {
                case SQLITE_NOTFOUND:
-                       strcpy(*pdo_err, "42S02");
+                       strncpy(*pdo_err, "42S02", sizeof("42S02"));
                        break;  
 
                case SQLITE_INTERRUPT:
-                       strcpy(*pdo_err, "01002");
+                       strncpy(*pdo_err, "01002", sizeof("01002"));
                        break;
 
                case SQLITE_NOLFS:
-                       strcpy(*pdo_err, "HYC00");
+                       strncpy(*pdo_err, "HYC00", sizeof("HYC00"));
                        break;
 
                case SQLITE_TOOBIG:
-                       strcpy(*pdo_err, "22001");
+                       strncpy(*pdo_err, "22001", sizeof("22001"));
                        break;
        
                case SQLITE_CONSTRAINT:
-                       strcpy(*pdo_err, "23000");
+                       strncpy(*pdo_err, "23000", sizeof("23000"));
                        break;
 
                case SQLITE_ERROR:
                default:
-                       strcpy(*pdo_err, "HY000");
+                       strncpy(*pdo_err, "HY000", sizeof("HY000"));
                        break;
        }