diff --git a/src/xmlwriter.c b/src/xmlwriter.c
index 3b70dcd0..ad5e05d7 100644
--- a/src/xmlwriter.c
+++ b/src/xmlwriter.c
@@ -153,19 +153,19 @@ _escape_attributes(struct xml_attribute *attribute)
 while (*p_attr) {
 switch (*p_attr) {
 case '&':
- strncat(p_encoded, LXW_AMP, sizeof(LXW_AMP) - 1);
+ memcpy(p_encoded, LXW_AMP, sizeof(LXW_AMP) - 1);
 p_encoded += sizeof(LXW_AMP) - 1;
 break;
 case '<':
- strncat(p_encoded, LXW_LT, sizeof(LXW_LT) - 1);
+ memcpy(p_encoded, LXW_LT, sizeof(LXW_LT) - 1);
 p_encoded += sizeof(LXW_LT) - 1;
 break;
 case '>':
- strncat(p_encoded, LXW_GT, sizeof(LXW_GT) - 1);
+ memcpy(p_encoded, LXW_GT, sizeof(LXW_GT) - 1);
 p_encoded += sizeof(LXW_GT) - 1;
 break;
 case '"':
- strncat(p_encoded, LXW_QUOT, sizeof(LXW_QUOT) - 1);
+ memcpy(p_encoded, LXW_QUOT, sizeof(LXW_QUOT) - 1);
 p_encoded += sizeof(LXW_QUOT) - 1;
 break;
 default:
@@ -195,15 +195,15 @@ lxw_escape_data(const char *data)
 while (*data) {
 switch (*data) {
 case '&':
- strncat(p_encoded, LXW_AMP, sizeof(LXW_AMP) - 1);
+ memcpy(p_encoded, LXW_AMP, sizeof(LXW_AMP) - 1);
 p_encoded += sizeof(LXW_AMP) - 1;
 break;
 case '<':
- strncat(p_encoded, LXW_LT, sizeof(LXW_LT) - 1);
+ memcpy(p_encoded, LXW_LT, sizeof(LXW_LT) - 1);
 p_encoded += sizeof(LXW_LT) - 1;
 break;
 case '>':
- strncat(p_encoded, LXW_GT, sizeof(LXW_GT) - 1);
+ memcpy(p_encoded, LXW_GT, sizeof(LXW_GT) - 1);
 p_encoded += sizeof(LXW_GT) - 1;
 break;
 default:
diff --git a/third_party/tmpfileplus/tmpfileplus.c b/third_party/tmpfileplus/tmpfileplus.c
index e1ff7c7b..83d3d9f8 100644
--- a/third_party/tmpfileplus/tmpfileplus.c
+++ b/third_party/tmpfileplus/tmpfileplus.c
@@ -169,7 +169,7 @@ static char *getenv_save(const char *varname, char *buf, size_t bufsize)
 buf[0] = '\0'; if (ptr) { - strncpy(buf, ptr, bufsize); + strncpy(buf, ptr, bufsize-1); buf[bufsize-1] = '\0'; return buf; }
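Review bot: With `memcpy` replacing `strncat` in the four `case` arms of `_escape_attributes`, nothing in the loop writes a terminating NUL any more, so the result is a valid C string only if the destination was zero-filled when allocated or the loop is followed by `*p_encoded = '\0';`. The allocation and the end of the loop are outside this hunk, so that invariant cannot be confirmed from here; an explicit terminator after the loop would make it local, and a comment such as `/* encoded is zero-filled at allocation; memcpy does not terminate */` would document it otherwise. The same applies to the three arms changed in `lxw_escape_data` in the next hunk. Neither the old nor the new call checks the remaining capacity of the destination (the length argument is the entity's size), so the allocation has to cover the worst-case expansion of every input byte into the longest of the `LXW_*` entities.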