authorChen <jiegec@qq.com>2024-05-08 22:23:23 +0800
committerGitHub <noreply@github.com>2024-05-08 22:23:23 +0800
commit9378216492356915b0cd02e8065de3a2219155df (patch)
tree7985f25726c156762e1f5226e9f41e4df04a0078
parentf81eb3affaa04a66411af12cf75522cb9649cf83 (diff)
Rewrite str_replace using snprintf for security and fix clang-tidy (#2350)
-rw-r--r--cs.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/cs.c b/cs.c
index 65f89b8e..e619effc 100644
--- a/cs.c
+++ b/cs.c
@@ -776,18 +776,23 @@ cs_err CAPSTONE_API cs_close(csh *handle)
return CS_ERR_OK;
}
-// replace str1 in target with str2; target starts with str1
-// output is put into result (which is array of char with size CS_MNEMONIC_SIZE)
-// return 0 on success, -1 on failure
+/// replace str1 in target with str2; target starts with str1
+/// output is put into result (which is array of char with size CS_MNEMONIC_SIZE)
+/// return 0 on success, -1 on failure
#ifndef CAPSTONE_DIET
static int str_replace(char *result, char *target, const char *str1, char *str2)
{
+ size_t target_len = strlen(target);
+ size_t str1_len = strlen(str1);
+ if (target_len < str1_len) {
+ return -1;
+ }
+
// only perform replacement if the output fits into result
- if (strlen(target) - strlen(str1) + strlen(str2) < CS_MNEMONIC_SIZE - 1) {
+ if (target_len - str1_len + strlen(str2) <= CS_MNEMONIC_SIZE - 1) {
// copy str2 to beginning of result
- strcpy(result, str2);
// skip str1 - already replaced by str2
- strcat(result, target + strlen(str1));
+ snprintf(result, CS_MNEMONIC_SIZE, "%s%s", str2, target + str1_len);
return 0;
} else