commit ef9d6aa70d68cd3a765ed55f4c3781aeb8aeea23
author Bram Moolenaar <Bram@vim.org> Mon Apr 11 16:56:35 2011 +0200
committer Bram Moolenaar <Bram@vim.org> Mon Apr 11 16:56:35 2011 +0200
tree e099b52d0ebf51c535ebe3cd875d8f70c06332df
parent 0d35e91abfa9e17f7c554bfd33b119b879448c72

updated for version 7.3.160
Problem:    Unsafe string copying.
Solution:   Use vim_strncpy() instead of strcpy().  Use vim_strcat() instead
            of strcat().

src/misc2.c

diff --git a/src/misc2.c b/src/misc2.c
index c6f4f11..c6207ff 100644
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -1647,6 +1647,28 @@
 }
 
 /*
+ * Like strcat(), but make sure the result fits in "tosize" bytes and is
+ * always NUL terminated.
+ */
+    void
+vim_strcat(to, from, tosize)
+    char_u	*to;
+    char_u	*from;
+    size_t	tosize;
+{
+    size_t tolen = STRLEN(to);
+    size_t fromlen = STRLEN(from);
+
+    if (tolen + fromlen + 1 > tosize)
+    {
+	mch_memmove(to + tolen, from, tosize - tolen - 1);
+	to[tosize - 1] = NUL;
+    }
+    else
+	STRCPY(to + tolen, from);
+}
+
+/*
  * Isolate one part of a string option where parts are separated with
  * "sep_chars".
  * The part is copied into "buf[maxlen]".