From: Matthias Kramm <kramm@quiss.org>
Date: Wed, 22 Apr 2009 16:35:55 +0000 (+0200)
Subject: fix for buffer overflow in swfc
X-Git-Tag: polyok~20
X-Git-Url: http://git.asbjorn.biz/?p=swftools.git;a=commitdiff_plain;h=d83e3527485ee6510a31dcac298089f0f413de3c

fix for buffer overflow in swfc
---

diff --git a/src/swfc-history.c b/src/swfc-history.c
index 072e582..d976053 100644
--- a/src/swfc-history.c
+++ b/src/swfc-history.c
@@ -322,7 +322,7 @@ void filterState_append(filterState_t* first, filterState_t* newChange)
     	    for (i = 0; i < first->value->num; i++)
     	    {
     	    	newList = (char*)malloc(strlen(list1) + strlen(filtername[first->value->filter[i]->type]) + 2);
-    	    	newList = strcat(strcat(list1, "+"), filtername[first->value->filter[i]->type]);
+    	    	strcpy(newList, strcat(strcat(list1, "+"), filtername[first->value->filter[i]->type]));
     	    	free(list1);
     	    	list1 = newList;
     	    }
@@ -331,7 +331,7 @@ void filterState_append(filterState_t* first, filterState_t* newChange)
     	    for (i = 0; i < newChange->value->num; i++)
     	    {
     	    	newList = (char*)malloc(strlen(list1) + strlen(filtername[newChange->value->filter[i]->type]) + 2);
-    	    	newList = strcat(strcat(list2, "+"), filtername[newChange->value->filter[i]->type]);
+    	    	strcpy(newList, strcat(strcat(list2, "+"), filtername[newChange->value->filter[i]->type]));
     	    	free(list2);
     	    	list2 = newList;
     	    }