ccfilter: uses unbounded strcat()/strcpy()

Problem:  ccfilter.c copies compiler output into fixed-size buffers
          with strcat() and strcpy(), so very long diagnostics can
          overflow.
Solution: replace with snprintf() bounded by LINELENGTH.

Automated security fix generated by Orbis Security AI

closes: #20233

Signed-off-by: orbisai0security <mediratta01.pally@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/runtime/tools/ccfilter.c b/runtime/tools/ccfilter.c
index ae1443e203cebb09a50fa11ab5ee45c9a3d3f968..269e4ee662893120feabff789db8287a89ada7b0 100644 (file)
--- a/runtime/tools/ccfilter.c
+++ b/runtime/tools/ccfilter.c
@@ -249,14 +249,15 @@ int main( int argc, char *argv[] )
 
            stay = (echogets(Line2, echo) != NULL);
            while ( stay && (Line2[0] == '|') )
-             { for (p=&Line2[2]; (*p) && (isspace((unsigned char)*p)); p++);
-               strcat( Reason, ": " );
-               strcat( Reason, p );
+             { size_t n;
+               for (p=&Line2[2]; (*p) && (isspace((unsigned char)*p)); p++);
+               n = strlen(Reason);
+               snprintf( Reason + n, LINELENGTH - n, ": %s", p );
                Line2[0] = 0;
                stay = (echogets(Line2, echo) != NULL);
              }
            prefetch = 1;
-           strcpy( Line, Line2 );
+           snprintf( Line, LINELENGTH, "%s", Line2 );
            break;
          case COMPILER_IRIX:
            Col       = 1;
@@ -291,8 +292,8 @@ int main( int argc, char *argv[] )
                        prefetch = 0;
                      }
                     else
-                     { strcat( Line, "\n" );
-                       strcat( Line, Line2 );
+                     { size_t n = strlen(Line);
+                       snprintf( Line + n, LINELENGTH - n, "\n%s", Line2 );
                      }
                  }
              }