tests: silence more CodeQL warnings in test_utils/test_main.c

Catch one more uncatched strcpy() and strcat()

diff --git a/test_utils/test_main.c b/test_utils/test_main.c
index f6d9924837624c304d767857fa4dbb7a56dbe56b..fd5c6da7928064d6826d336fbcebb015c1e34b1a 100644 (file)
--- a/test_utils/test_main.c
+++ b/test_utils/test_main.c
@@ -4066,6 +4066,7 @@ main(int argc, char **argv)
 
        {
                char *testprg;
+               int testprg_len;
 #if defined(_WIN32) && !defined(__CYGWIN__)
                /* Command.com sometimes rejects '/' separators. */
                testprg = strdup(testprogfile);
@@ -4076,10 +4077,11 @@ main(int argc, char **argv)
                testprogfile = testprg;
 #endif
                /* Quote the name that gets put into shell command lines. */
-               testprg = malloc(strlen(testprogfile) + 3);
-               strcpy(testprg, "\"");
-               strcat(testprg, testprogfile);
-               strcat(testprg, "\"");
+               testprg_len = strlen(testprogfile) + 3;
+               testprg = malloc(testprg_len);
+               strncpy(testprg, "\"", testprg_len);
+               strncat(testprg, testprogfile, testprg_len);
+               strncat(testprg, "\"", testprg_len);
                testprog = testprg;
        }
 #endif