From: Xinchen Hui <laruence@php.net>
Date: Tue, 9 Aug 2011 12:16:58 +0000 (+0000)
Subject: Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
X-Git-Tag: php-5.4.0beta1~461
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=64fc565765f77cc51dead0c1e78f4dac02bcd070;p=php

Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
---

diff --git a/ext/ereg/regex/regerror.c b/ext/ereg/regex/regerror.c
index f8c3ca3538..05737a462c 100644
--- a/ext/ereg/regex/regerror.c
+++ b/ext/ereg/regex/regerror.c
@@ -74,7 +74,7 @@ size_t errbuf_size)
 	char convbuf[50];
 
 	if (errcode == REG_ATOI)
-		s = regatoi(preg, convbuf);
+		s = regatoi(preg, convbuf, sizeof(convbuf));
 	else {
 		for (r = rerrs; r->code >= 0; r++)
 			if (r->code == target)
@@ -84,7 +84,7 @@ size_t errbuf_size)
 			if (r->code >= 0)
 				(void) strncpy(convbuf, r->name, 50);
 			else
-				sprintf(convbuf, "REG_0x%x", target);
+				snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
 			assert(strlen(convbuf) < sizeof(convbuf));
 			s = convbuf;
 		} else
@@ -106,12 +106,13 @@ size_t errbuf_size)
 
 /*
  - regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
  */
 static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
 const regex_t *preg;
 char *localbuf;
+int bufsize;
 {
 	register const struct rerr *r;
 
@@ -121,6 +122,6 @@ char *localbuf;
 	if (r->code < 0)
 		return("0");
 
-	sprintf(localbuf, "%d", r->code);
+	snprintf(localbuf, bufsize, "%d", r->code);
 	return(localbuf);
 }
diff --git a/ext/ereg/regex/regerror.ih b/ext/ereg/regex/regerror.ih
index 2cb668c24f..5ff158e57d 100644
--- a/ext/ereg/regex/regerror.ih
+++ b/ext/ereg/regex/regerror.ih
@@ -4,7 +4,7 @@ extern "C" {
 #endif
 
 /* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
 
 #ifdef __cplusplus
 }
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index da1a3b3a67..700811b9e6 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -170,10 +170,10 @@ PHP_FUNCTION(crypt)
 	/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
 	if (!*salt) {
 #if PHP_MD5_CRYPT
-		strcpy(salt, "$1$");
+		strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
 		php_to64(&salt[3], PHP_CRYPT_RAND, 4);
 		php_to64(&salt[7], PHP_CRYPT_RAND, 4);
-		strcpy(&salt[11], "$");
+		strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
 #elif PHP_STD_DES_CRYPT
 		php_to64(&salt[0], PHP_CRYPT_RAND, 2);
 		salt[2] = '\0';
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 7a918d9c83..4567efc1f2 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -330,7 +330,7 @@ finish:
 				scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
 				scratch = emalloc(scratch_len);
 				strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
-				strcat(scratch, " ");
+				strncat(scratch, " ", 1);
 			}
 		}
 	}
@@ -344,7 +344,7 @@ finish:
 	if (!scratch) {
 		scratch_len = strlen(path) + 29 + protocol_version_len;
 		scratch = emalloc(scratch_len);
-		strcpy(scratch, "GET ");
+		strncpy(scratch, "GET ", scratch_len);
 	}
 
 	/* Should we send the entire path in the request line, default to no. */
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 9544cc03da..6b7f6ba548 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -155,8 +155,8 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
 
 				l = string_length + el_len + 1;
 				memcpy(p, string_key, string_length);
-				strcat(p, "=");
-				strcat(p, data);
+				strncat(p, "=", 1);
+				strncat(p, data, el_len);
 
 #ifndef PHP_WIN32
 				*ep = p;
diff --git a/ext/standard/user_filters.c b/ext/standard/user_filters.c
index 752c52af83..9afc4f1568 100644
--- a/ext/standard/user_filters.c
+++ b/ext/standard/user_filters.c
@@ -311,7 +311,7 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
 			period = wildcard + (period - filtername);
 			while (period) {
 				*period = '\0';
-				strcat(wildcard, ".*");
+				strncat(wildcard, ".*", 2);
 				if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
 					period = NULL;
 				} else {
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 6788c86bc3..78237c0bb3 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -950,7 +950,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 					if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
 						int newlen = Z_STRLEN_PP(myval) + decoded_len;
 						Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-						strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+						strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
 						Z_STRLEN_PP(myval) += decoded_len;
 						efree(decoded_value);
 					} else {
@@ -970,7 +970,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 								if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
 									int newlen = Z_STRLEN_PP(myval) + decoded_len;
 									Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-									strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+									strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
 									Z_STRLEN_PP(myval) += decoded_len;
 									efree(decoded_value);
 									return;
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index f00127bc06..f4d122bbbb 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -410,7 +410,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 #endif
 	if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
 		IS_ABSOLUTE_PATH(PG(doc_root), length)) {
-		filename = emalloc(length + strlen(path_info) + 2);
+		int path_len = strlen(path_info);
+		filename = emalloc(length + path_len + 2);
 		if (filename) {
 			memcpy(filename, PG(doc_root), length);
 			if (!IS_SLASH(filename[length - 1])) {	/* length is never 0 */
@@ -419,7 +420,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 			if (IS_SLASH(path_info[0])) {
 				length--;
 			}
-			strcpy(filename + length, path_info);
+			strncpy(filename + length, path_info, path_len + 1);
 		}
 	} else {
 		filename = SG(request_info).path_translated;
diff --git a/main/streams/filter.c b/main/streams/filter.c
index 623c66f96d..99293259e7 100644
--- a/main/streams/filter.c
+++ b/main/streams/filter.c
@@ -270,7 +270,7 @@ PHPAPI php_stream_filter *php_stream_filter_create(const char *filtername, zval
 		period = wildname + (period - filtername);
 		while (period && !filter) {
 			*period = '\0';
-			strcat(wildname, ".*");
+			strncat(wildname, ".*", 2);
 			if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
 				filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
 			}