Bug fix: 161 etags munges relative filenames (any path containing "..") in TAGS files
author Nelson Ferreira <nelson.ferreira@ieee.org>
Sun, 25 Aug 2013 18:33:44 +0000 (14:33 -0400)
committer Nelson Ferreira <nelson.ferreira@ieee.org>
Sun, 25 Aug 2013 18:33:44 +0000 (14:33 -0400)
Two bugs fixed here. One was Coverity-induced, but another one,
the strcpy -> memmove change, is a real issue regarding copying in
overlapping memory.

* lib-src/etags.c (relative_filename): Correct off-by-1 error in
counting down remaining bytes.

* lib-src/etags.c (absolute_filename): Change strcpy to memmove
since this is a guaranteed overlapping memory copy, and strcpy is
not guaranteed by POSIX to handle it properly.
http://pubs.opengroup.org/onlinepubs/9699919799/functions/stpcpy.html

"If copying takes place between objects that overlap, the behavior is undefined."

Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
lib-src/etags.c

index 5271c6e..9b5756e 100644 (file)
@@ -6882,7 +6882,7 @@ char *file, *dir;
        res_left = 3 * i + strlen(fp);
        res = xnew( res_left + 1, char);
        res[0] = '\0';
-       for ( ; i-- > 0 ; res_left -= 4 )
+       for ( ; i-- > 0 ; res_left -= 3 )
                strncat(res, "../", res_left );
 
        /* Add the file name relative to the common root of file and dir. */
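Review bot: In the `for` loop, `res_left` is passed as the third argument of `strncat`, which caps how many characters are taken from the source string, not how much room is left in `res`, so the counter only protects anything if it tracks the free space exactly. With `-= 3` it does: after `i` iterations `res_left` equals `strlen(fp)`, which is what the allocation of `res_left + 1` bytes leaves for the file name. With the old `-= 4` the count fell below 3 once `i` exceeded `strlen(fp) + 1`, so a "../" was truncated or, if `res_left` is unsigned, the bound wrapped. Please add a one-line comment stating that invariant (`res_left` is the number of bytes still unused in `res`, excluding the terminator), and confirm that the append following the "Add the file name" comment, which is outside this hunk, relies on the same value. Since the buffer is sized exactly up front, writing the prefixes through a running pointer would remove the need for the counter altogether.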
@@ -6920,7 +6920,8 @@ char *file, *dir;
                                while (cp >= res && !filename_is_absolute (cp));
                                if (cp < res)
                                        cp = slashp;    /* the absolute name begins with "/.." */
-                               strcpy (cp, slashp + 3);
+                               slashp += 3;
+                               memmove(cp, slashp,strlen(slashp)+1);
                                slashp = cp;
                                continue;
                        }
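Review bot: The new `memmove(cp, slashp,strlen(slashp)+1);` line does not follow the formatting of the code around it, which puts a space before the opening parenthesis and after each comma (`strcpy (cp, slashp + 3)`, `filename_is_absolute (cp)`); it should read `memmove (cp, slashp, strlen (slashp) + 1);`. The length is right, since the `+ 1` carries the terminating NUL that `strcpy` copied implicitly. Two smaller points: `slashp += 3;` modifies a pointer that is overwritten two lines later by `slashp = cp;`, so `memmove (cp, slashp + 3, strlen (slashp + 3) + 1);` would express the same copy without the intermediate mutation; and a short comment saying that source and destination lie in the same buffer, which is why `memmove` is required, would keep a later cleanup from turning it back into `strcpy`.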