From 0a854ad9612964a040682f0485b6c15d149ba54f Mon Sep 17 00:00:00 2001
From: szukw000 <szukw000@arcor.de>
Date: Fri, 30 Nov 2018 08:13:53 +0100
Subject: [PATCH] gcc-8.2.0 warnings: possible buffer overflow

---
 src/bin/jp2/convert.c        |  4 ++--
 src/bin/jp2/opj_compress.c   | 23 ++++++++++++++---------
 src/bin/jp2/opj_decompress.c |  2 +-
 src/bin/jp2/opj_dump.c       |  7 ++++---
 4 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index e670cd82..0efb89d7 100644
--- a/src/bin/jp2/convert.c
+++ b/src/bin/jp2/convert.c
@@ -1384,7 +1384,7 @@ int imagetopgx(opj_image_t * image, const char *outfile)
                 goto fin;
             }
         }
-        strncpy(name, outfile, dotpos);
+        memcpy(name, outfile, dotpos);
         sprintf(name + dotpos, "_%u.pgx", compno);
         fdest = fopen(name, "wb");
         /* don't need name anymore */
@@ -2212,7 +2212,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
             const size_t olen = strlen(outfile);
             const size_t dotpos = olen - 4;
 
-            strncpy(destname, outfile, dotpos);
+            memcpy(destname, outfile, dotpos);
             sprintf(destname + dotpos, "_%u.pgm", compno);
         } else {
             sprintf(destname, "%s", outfile);
diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
index 148bf951..0c831b76 100644
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@@ -527,34 +527,39 @@ static char * get_file_name(char *name)
     return fname;
 }
 
+#define INFILENAME_LEN OPJ_PATH_LEN*2
+#define OUTFILENAME_LEN OPJ_PATH_LEN*2
+
 static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
                           opj_cparameters_t *parameters)
 {
-    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
-         outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
-    char *temp_p, temp1[OPJ_PATH_LEN] = "";
+    char image_filename[OPJ_PATH_LEN + 2], infilename[INFILENAME_LEN],
+         outfilename[OUTFILENAME_LEN], temp_ofname[OPJ_PATH_LEN + 2];
+    char *temp_p, temp1[OPJ_PATH_LEN + 2] = "";
 
-    strcpy(image_filename, dirptr->filename[imageno]);
+    strncpy(image_filename, dirptr->filename[imageno], OPJ_PATH_LEN);
     fprintf(stderr, "File Number %d \"%s\"\n", imageno, image_filename);
     parameters->decod_format = get_file_format(image_filename);
     if (parameters->decod_format == -1) {
         return 1;
     }
-    sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename);
+    snprintf(infilename, INFILENAME_LEN, "%s/%s", img_fol->imgdirpath,
+             image_filename);
     if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile),
                      infilename) != 0) {
         return 1;
     }
 
     /*Set output file*/
-    strcpy(temp_ofname, get_file_name(image_filename));
+    strncpy(temp_ofname, get_file_name(image_filename), OPJ_PATH_LEN);
     while ((temp_p = strtok(NULL, ".")) != NULL) {
         strcat(temp_ofname, temp1);
         sprintf(temp1, ".%s", temp_p);
     }
     if (img_fol->set_out_format == 1) {
-        sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-                img_fol->out_format);
+        snprintf(outfilename, OUTFILENAME_LEN, "%s/%s.%s", img_fol->imgdirpath,
+                 temp_ofname,
+                 img_fol->out_format);
         if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
                          outfilename) != 0) {
             return 1;
@@ -940,7 +945,7 @@ static int parse_cmdline_encoder(int argc, char **argv,
         case 'p': {         /* progression order */
             char progression[4];
 
-            strncpy(progression, opj_optarg, 4);
+            memcpy(progression, opj_optarg, 4);
             parameters->prog_order = give_progression(progression);
             if (parameters->prog_order == -1) {
                 fprintf(stderr, "Unrecognized progression order "
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index 4b9583b7..dc2e4623 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -456,7 +456,7 @@ char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
                    opj_decompress_parameters *parameters)
 {
     char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
-         outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
+         outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
     char *temp_p, temp1[OPJ_PATH_LEN] = "";
 
     strcpy(image_filename, dirptr->filename[imageno]);
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index 6e15fee4..26e1a72d 100644
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -201,8 +201,8 @@ static int get_file_format(const char *filename)
 static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
                           opj_dparameters_t *parameters)
 {
-    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
-         outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
+    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
+         outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
     char *temp_p, temp1[OPJ_PATH_LEN] = "";
 
     strcpy(image_filename, dirptr->filename[imageno]);
@@ -211,7 +211,8 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
     if (parameters->decod_format == -1) {
         return 1;
     }
-    sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename);
+    snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath,
+             image_filename);
     if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile),
                      infilename) != 0) {
         return 1;