From aa43602493675baebeff028d66c9aa39a555ac7f Mon Sep 17 00:00:00 2001
From: Norbert Thiebaud <nthiebaud@gmail.com>
Date: Sat, 5 Jul 2014 21:41:26 +0200
Subject: coverity#983493 String Overflow

Change-Id: I31a167508ca33e8d6ccc13690c013c39566b9447
---
 sal/osl/unx/process.cxx | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

(limited to 'sal')

diff --git a/sal/osl/unx/process.cxx b/sal/osl/unx/process.cxx
index abe4bc9f6b64..0a0ba0240fb1 100644
--- a/sal/osl/unx/process.cxx
+++ b/sal/osl/unx/process.cxx
@@ -124,23 +124,26 @@ static oslProcessError SAL_CALL osl_searchPath_impl(const sal_Char* pszName,
                 *pstr++ = '/';
 
             *pstr = '\0';
+            size_t reminder = PATH_MAX - strlen(path);
+            if(reminder > strlen(pszName))
+            {
+                strncat(path, pszName, reminder);
 
-            strcat(path, pszName);
+                if (access(path, 0) == 0)
+                {
+                    char szRealPathBuf[PATH_MAX + 1] = "";
 
-            if (access(path, 0) == 0)
-            {
-                char szRealPathBuf[PATH_MAX] = "";
+                    if( NULL == realpath(path, szRealPathBuf) || (strlen(szRealPathBuf) >= (sal_uInt32)Max))
+                        return osl_Process_E_Unknown;
 
-                if( NULL == realpath(path, szRealPathBuf) || (strlen(szRealPathBuf) >= (sal_uInt32)Max))
-                    return osl_Process_E_Unknown;
+                    strcpy(pszBuffer, path);
 
-                strcpy(pszBuffer, path);
+                    return osl_Process_E_None;
+                }
 
-                return osl_Process_E_None;
+                if (*pchr == ':')
+                    pchr++;
             }
-
-            if (*pchr == ':')
-                pchr++;
         }
     }
 
-- 
cgit