From 403ba303b997b47c79241247e0d2b5fc698e3dd0 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Sun, 17 May 2026 08:19:14 +0000
Subject: [PATCH] ccfilter: uses unbounded strcat()/strcpy()

Problem:  ccfilter.c copies compiler output into fixed-size buffers
          with strcat() and strcpy(), so very long diagnostics can
          overflow.
Solution: replace with snprintf() bounded by LINELENGTH.

Automated security fix generated by Orbis Security AI

closes: #20233

Signed-off-by: orbisai0security <mediratta01.pally@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 runtime/tools/ccfilter.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/runtime/tools/ccfilter.c b/runtime/tools/ccfilter.c
index ae1443e203..269e4ee662 100644
--- a/runtime/tools/ccfilter.c
+++ b/runtime/tools/ccfilter.c
@@ -249,14 +249,15 @@ int main( int argc, char *argv[] )
 
 	    stay = (echogets(Line2, echo) != NULL);
 	    while ( stay && (Line2[0] == '|') )
-	      { for (p=&Line2[2]; (*p) && (isspace((unsigned char)*p)); p++);
-		strcat( Reason, ": " );
-		strcat( Reason, p );
+	      { size_t n;
+		for (p=&Line2[2]; (*p) && (isspace((unsigned char)*p)); p++);
+		n = strlen(Reason);
+		snprintf( Reason + n, LINELENGTH - n, ": %s", p );
 		Line2[0] = 0;
 		stay = (echogets(Line2, echo) != NULL);
 	      }
 	    prefetch = 1;
-	    strcpy( Line, Line2 );
+	    snprintf( Line, LINELENGTH, "%s", Line2 );
 	    break;
 	  case COMPILER_IRIX:
 	    Col       = 1;
@@ -291,8 +292,8 @@ int main( int argc, char *argv[] )
 			prefetch = 0;
 		      }
 		     else
-		      { strcat( Line, "\n" );
-			strcat( Line, Line2 );
+		      { size_t n = strlen(Line);
+			snprintf( Line + n, LINELENGTH - n, "\n%s", Line2 );
 		      }
 		  }
 	      }