#87 [cppcheck] Dangerous usage of strncpy

closed-fixed
nobody
None
5
2010-04-26
2010-04-25
orbitcowboy
No

During a check of the current trunk with the static code analysis tool cppcheck, the tool found an issue in
plplot/drivers/pstex.c at line 71. Cppcheck printed the following message:

Dangerous usage of 'ofile' (strncpy doesn't always 0-terminate it)

Take a look at the source:
....
strncpy( ofile, pls->FileName, 80 );
strcat( ofile, "_t" );
...
After strncpy, the buffer needs to be zero-terminated, then strcat can be called.

Best regards

Ettl Martin

Discussion

  • Andrew Ross
    2010-04-26

    Fixed in svn by dynamically allocating the buffer, then using snprintf.

    Note that pstex is deprecated so the fix has not been extensively tested.

     
  • Andrew Ross
    2010-04-26

    • status: open --> closed-fixed
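
The behaviour cppcheck flagged and the style of fix described in the discussion (dynamic allocation, then snprintf), as an added example that is not PLplot's code and not part of the original ticket. The function names, the sample file names and the poison byte are assumptions made for illustration; 80 is the count from the strncpy call quoted in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OFILE_LEN 80 /* count passed to strncpy in the reported line */

/* Hypothetical helper: returns 1 if strncpy(dst, src, n) leaves dst with no
 * terminating NUL in its first n bytes, 0 if it is terminated, -1 on error. */
int strncpy_leaves_unterminated(const char *src, size_t n)
{
    char *dst = malloc(n);
    if (dst == NULL)
        return -1;
    memset(dst, 'X', n); /* poison so a missing NUL is observable */
    strncpy(dst, src, n); /* copies at most n bytes, adds NUL only if src is shorter */
    int unterminated = (memchr(dst, '\0', n) == NULL);
    free(dst);
    return unterminated;
}

/* Hypothetical fix in the style the ticket describes: size the buffer from
 * the input, then build the name with snprintf. Caller frees the result. */
char *make_tex_name(const char *filename)
{
    static const char suffix[] = "_t";
    size_t len = strlen(filename) + sizeof suffix; /* sizeof counts the NUL */
    char *ofile = malloc(len);
    if (ofile == NULL)
        return NULL;
    int n = snprintf(ofile, len, "%s%s", filename, suffix);
    if (n < 0 || (size_t)n >= len) { /* encoding error or truncation */
        free(ofile);
        return NULL;
    }
    return ofile;
}

int main(void)
{
    char long_name[121]; /* constructed sample: 120-character file name */
    memset(long_name, 'a', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    printf("short name unterminated: %d\n",
           strncpy_leaves_unterminated("plot.ps", OFILE_LEN));
    printf("long name unterminated:  %d\n",
           strncpy_leaves_unterminated(long_name, OFILE_LEN));
    char *ofile = make_tex_name(long_name);
    printf("fixed name length: %zu\n", ofile ? strlen(ofile) : (size_t)0);
    free(ofile);
    return 0;
}
```

With an unterminated buffer, the strcat call from the report would scan past the end of ofile looking for a NUL before appending.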