Fixed buffer overflow in cscanner.l

[splint.git] / src / cscanner.l

diff --git a/src/cscanner.l b/src/cscanner.l
index 6118acac4184e4d835808183bba1bebb7b61bf35..74a3779a8a07738bac204aee20ef4c8027cea494 100644 (file)
--- a/src/cscanner.l
+++ b/src/cscanner.l
@@ -1713,20 +1713,23 @@ static bool handleSpecial (char *yyt)
   char c;
   char *ol;
   cstring olc;
-  
-  strcpy (l, yyt + 1);
 
-  /* Need to safe original l for deallocating. */
-  ol = l;
+  int len_yyt;
+
+  len_yyt = strlen (yyt +1) ;
 
-  l += strlen (yyt) - 1;
+  l = mstring_copy (yyt + 1);
   
   while ((c = char_fromInt (lminput ())) != '\n' && c != '\0')
     {
-      *l++ = c;
+      l = mstring_append(l, c);
     }
 
-  *l = '\0';
+    /* Need to safe original l for deallocating. */
+  ol = l;
+
+  l += strlen (l);
+
   olc = cstring_fromChars (ol);
   
   if (cstring_equalPrefixLit (olc, "pragma"))