vcl/source/treelist/transfer.cxx | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
New commits:
commit ba7db98cca3d8516697c94ef0d6af27db9e1655e
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Thu Dec 2 08:14:51 2021 +0200
Commit: Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Fri Dec 3 09:13:38 2021 +0100
Use strncpy to avoid overflow and fill the rest with nulls
Change-Id: I29c427b87aa87af3236bd6e1a7e9e08e6f470bf6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126227
Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/vcl/source/treelist/transfer.cxx b/vcl/source/treelist/transfer.cxx
index 81c99653578f..4561535d0291 100644
--- a/vcl/source/treelist/transfer.cxx
+++ b/vcl/source/treelist/transfer.cxx
@@ -784,10 +784,11 @@ bool TransferableHelper::SetINetBookmark( const
INetBookmark& rBmk,
case SotClipboardFormatId::NETSCAPE_BOOKMARK:
{
Sequence< sal_Int8 > aSeq( 2048 );
+ char* pSeq = reinterpret_cast< char* >( aSeq.getArray() );
- memset( aSeq.getArray(), 0, 2048 );
- strcpy( reinterpret_cast< char* >( aSeq.getArray() ),
OUStringToOString(rBmk.GetURL(), eSysCSet).getStr() );
- strcpy( reinterpret_cast< char* >( aSeq.getArray() ) + 1024,
OUStringToOString(rBmk.GetDescription(), eSysCSet).getStr() );
+ // strncpy fills the rest with nulls, as we need
+ strncpy( pSeq, OUStringToOString(rBmk.GetURL(),
eSysCSet).getStr(), 1024 );
+ strncpy( pSeq + 1024, OUStringToOString(rBmk.GetDescription(),
eSysCSet).getStr(), 1024 );
maAny <<= aSeq;
}
