From fcce95b68cbb1fbeb3bdaa1429defc347678fb2b Mon Sep 17 00:00:00 2001
From: Aleksandar Rikalo <arikalo@gmail.com>
Date: Fri, 20 Jun 2025 09:08:07 +0200
Subject: gdbsupport: Use xsnprintf() instead of strcat() in print-utils

Theoretically, in functions core_addr_to_string_nz() and
core_addr_to_string(), strcat() can overflow, so use a safe
approach using xsnprintf().

Change-Id: Ib9437450b3634dc35077234f462a03a8640242d4
---
 gdbsupport/print-utils.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'gdbsupport/print-utils.cc')

diff --git a/gdbsupport/print-utils.cc b/gdbsupport/print-utils.cc
index a798713..8514720 100644
--- a/gdbsupport/print-utils.cc
+++ b/gdbsupport/print-utils.cc
@@ -304,8 +304,7 @@ core_addr_to_string (const CORE_ADDR addr)
 {
   char *str = get_print_cell ();
 
-  strcpy (str, "0x");
-  strcat (str, phex (addr));
+  xsnprintf (str, PRINT_CELL_SIZE, "0x%s", phex (addr));
   return str;
 }
 
@@ -316,8 +315,7 @@ core_addr_to_string_nz (const CORE_ADDR addr)
 {
   char *str = get_print_cell ();
 
-  strcpy (str, "0x");
-  strcat (str, phex_nz (addr));
+  xsnprintf (str, PRINT_CELL_SIZE, "0x%s", phex_nz (addr));
   return str;
 }
 
-- 
cgit v1.1