From b67106756fda101911d6aa8f3feccf03b6751e5d Mon Sep 17 00:00:00 2001
From: dbv <dbv.opencascade.com>
Date: Wed, 7 Mar 2012 15:34:08 +0400
Subject: [PATCH] 0022961: Dangerous usage of 'buf' (strncpy doesn't always
 0-terminate it) (cppcheck report)

---
 src/VrmlData/VrmlData_Group.cxx | 20 +++++++++++---------
 src/VrmlData/VrmlData_Scene.cxx | 32 +++++++++++++++++---------------
 2 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/src/VrmlData/VrmlData_Group.cxx b/src/VrmlData/VrmlData_Group.cxx
index 4dea40b448..526b0514a3 100755
--- a/src/VrmlData/VrmlData_Group.cxx
+++ b/src/VrmlData/VrmlData_Group.cxx
@@ -323,19 +323,21 @@ VrmlData_ErrorStatus VrmlData_Group::Read (VrmlData_InBuffer& theBuffer)
             // because each name must remain unique in the global scene.
             if (aNode->Name())
               if (* aNode->Name() != '\0') {
-                char buf[1024];
-                strncpy (buf, aFileName.ToCString(), sizeof(buf));
-                char * ptr = strchr (buf, '.');
-                if (!ptr)
-                  ptr = strchr (buf,'\0');
-                * ptr = '_';
-                strncpy (ptr+1, aNode->Name(), (&buf[sizeof(buf)]-ptr)-2);
-                const size_t len = strlen(buf) + 1;
+                TCollection_AsciiString buf;
+                buf += aFileName;
+                Standard_Integer aCharLocation = buf.Location (1, '.', 1, buf.Length());
+                if (aCharLocation != 0)
+                {
+                  buf.Remove (aCharLocation, buf.Length() - aCharLocation + 1);
+                }
+                buf += '_';
+                buf += aNode->Name();
+                const size_t len = buf.Length();
                 char * aNewName =
                   static_cast<char *> (Scene().Allocator()->Allocate (len));
                 if (aNewName) {
                   aNode->myName = aNewName;
-                  memcpy (aNewName, buf, len);
+                  memcpy (aNewName, buf.ToCString(), len);
                 }
               }
           }
diff --git a/src/VrmlData/VrmlData_Scene.cxx b/src/VrmlData/VrmlData_Scene.cxx
index 6c479284d7..c3d5fe8af0 100755
--- a/src/VrmlData/VrmlData_Scene.cxx
+++ b/src/VrmlData/VrmlData_Scene.cxx
@@ -1012,21 +1012,23 @@ VrmlData_ErrorStatus VrmlData_Scene::WriteNode
           aStatus = theNode->Write (thePrefix);
         else {
           // Name is written under DEF clause
-          char buf[1024], * ptr;
-          if (myNamedNodesOut.Contains (theNode)) {
-            memcpy (buf, "USE ", 4);
-            strncpy (&buf[4], theNode->Name(), sizeof(buf)-5);
-            aStatus = WriteLine (thePrefix, buf);
-          } else {
-            if (thePrefix) {
-              strncpy (buf, thePrefix, sizeof(buf));
-              ptr = strchr (buf, '\0');
-              * ptr++ = ' ';
-            } else
-              ptr = &buf[0];
-            strcpy (ptr, "DEF ");
-            strncpy (ptr+4, theNode->Name(), &buf[sizeof(buf)] - (ptr+5));
-            aStatus = theNode->Write (buf);
+          TCollection_AsciiString buf;
+          if (myNamedNodesOut.Contains (theNode))
+          {
+            buf += "USE ";
+            buf += theNode->Name();
+            aStatus = WriteLine (thePrefix, buf.ToCString());
+          } 
+          else 
+          {
+            if (thePrefix)
+            {
+              buf += thePrefix;
+              buf += ' ';
+            }
+            buf += "DEF ";
+            buf += theNode->Name();
+            aStatus = theNode->Write (buf.ToCString());
             const_cast<VrmlData_MapOfNode&>(myNamedNodesOut).Add (theNode);
           }
         }