From d83e3527485ee6510a31dcac298089f0f413de3c Mon Sep 17 00:00:00 2001
From: Matthias Kramm <kramm@quiss.org>
Date: Wed, 22 Apr 2009 18:35:55 +0200
Subject: [PATCH] fix for buffer overflow in swfc

---
 src/swfc-history.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/swfc-history.c b/src/swfc-history.c
index 072e582..d976053 100644
--- a/src/swfc-history.c
+++ b/src/swfc-history.c
@@ -322,7 +322,7 @@ void filterState_append(filterState_t* first, filterState_t* newChange)
     	    for (i = 0; i < first->value->num; i++)
     	    {
     	    	newList = (char*)malloc(strlen(list1) + strlen(filtername[first->value->filter[i]->type]) + 2);
-    	    	newList = strcat(strcat(list1, "+"), filtername[first->value->filter[i]->type]);
+    	    	strcpy(newList, strcat(strcat(list1, "+"), filtername[first->value->filter[i]->type]));
     	    	free(list1);
     	    	list1 = newList;
     	    }
@@ -331,7 +331,7 @@ void filterState_append(filterState_t* first, filterState_t* newChange)
     	    for (i = 0; i < newChange->value->num; i++)
     	    {
     	    	newList = (char*)malloc(strlen(list1) + strlen(filtername[newChange->value->filter[i]->type]) + 2);
-    	    	newList = strcat(strcat(list2, "+"), filtername[newChange->value->filter[i]->type]);
+    	    	strcpy(newList, strcat(strcat(list2, "+"), filtername[newChange->value->filter[i]->type]));
     	    	free(list2);
     	    	list2 = newList;
     	    }
-- 
1.7.10.4