<http://webkit.org/b/71921> Remove use of strcpy in KURL
authorddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Nov 2011 19:45:13 +0000 (19:45 +0000)
committerddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Nov 2011 19:45:13 +0000 (19:45 +0000)
Reviewed by Antti Koivisto.

* platform/KURL.cpp:
(WebCore::KURL::init): Replace strcpy() with strncpy().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@99999 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/KURL.cpp

index 27ae12a..407ecfe 100644 (file)
@@ -1,3 +1,12 @@
+2011-11-11  David Kilzer  <ddkilzer@apple.com>
+
+        <http://webkit.org/b/71921> Remove use of strcpy in KURL
+
+        Reviewed by Antti Koivisto.
+
+        * platform/KURL.cpp:
+        (WebCore::KURL::init): Replace strcpy() with strncpy().
+
 2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>
 
         De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
index 059fb2b..ad8f8d8 100644 (file)
@@ -482,9 +482,11 @@ void KURL::init(const KURL& base, const String& relative, const TextEncoding& en
                 // must be relative-path reference
 
                 // Base part plus relative part plus one possible slash added in between plus terminating \0 byte.
-                parseBuffer.resize(base.m_pathEnd + 1 + len + 1);
+                const size_t bufferSize = base.m_pathEnd + 1 + len + 1;
+                parseBuffer.resize(bufferSize);
 
                 char* bufferPos = parseBuffer.data();
+                const char* bufferStart = bufferPos;
 
                 // first copy everything before the path from the base
                 unsigned baseLength = base.m_string.length();
@@ -547,7 +549,7 @@ void KURL::init(const KURL& base, const String& relative, const TextEncoding& en
 
                 // all done with the path work, now copy any remainder
                 // of the relative reference; this will also add a null terminator
-                strcpy(bufferPos, relStringPos);
+                strncpy(bufferPos, relStringPos, bufferSize - (bufferPos - bufferStart));
 
                 parse(parseBuffer.data(), 0);
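Review bot: The added `strncpy()` call does not write a terminator when the rest of `relStringPos` is as long as or longer than the count, so the comment above it ("this will also add a null terminator") is now true only when the remainder fits with a byte to spare. The next line hands `parseBuffer.data()` to `parse()`, apparently as a C string, so a truncated copy would leave it reading past the buffer rather than failing cleanly. The count `bufferSize - (bufferPos - bufferStart)` is also unsigned, so if `bufferPos` ever ran past the end it would wrap to a huge value and the bound would vanish. I would put `ASSERT(bufferPos < bufferStart + bufferSize);` before the copy and `parseBuffer.data()[bufferSize - 1] = '\0';` after it, and reword the comment to say the terminator is written explicitly. `bufferSize` and `bufferStart` come from the earlier hunk, and the body of `KURL::init` continues outside both hunks.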