As per strncat man page:
If src contains n or more bytes, strncat() writes n+1 bytes to
dest (n from src plus the terminating null byte). Therefore,
the size of dest must be at least strlen(dest)+n+1.
Therefore, we must ensure the destination buffer does not overflow if
src is large enough.
Signed-off-by: Timo Kokkonen <timo.t.kokkonen@iki.fi>
tmpfile[0] = 0;
tmp[0] = 0;
- strncat(tmpfile, image->image_filename, sizeof(tmpfile) - 1);
- strncat(tmpfile, ".tmp", sizeof(tmpfile) - 1);
+ strncpy(tmpfile, image->image_filename, sizeof(tmpfile) - 1);
+ strncat(tmpfile, ".tmp",
+ sizeof(tmpfile) - strlen(image->image_filename) - 1);
if (image->updatestr)
updatestr = image->updatestr;
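Review bot: The strncat bound on the added lines, `sizeof(tmpfile) - strlen(image->image_filename) - 1`, is computed from the untruncated source length, so when image->image_filename is at least sizeof(tmpfile) bytes long the unsigned subtraction wraps to a very large value and the strncat is effectively unbounded. In that same case the strncpy with sizeof(tmpfile) - 1 copies no terminating null byte, and only tmpfile[0] is cleared in the visible lines, so strncat may start from an unterminated buffer. Consider setting tmpfile[sizeof(tmpfile) - 1] = 0 after the strncpy and bounding the append with sizeof(tmpfile) - strlen(tmpfile) - 1, or replacing both calls with a single snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", image->image_filename) and treating a return value >= sizeof(tmpfile) as an error, so that a silently truncated temporary file name is never used.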