diff --git a/src/runtime/runtime.c b/src/runtime/runtime.c index 5e24191..7e44e70 100644 --- a/src/runtime/runtime.c +++ b/src/runtime/runtime.c @@ -1470,7 +1470,7 @@ int main(int argc, char* argv[]) { fprintf(stderr, "Running in verbose mode\n"); } - char appimage_path[PATH_MAX]; + char appimage_path[PATH_MAX] = "/proc/self/exe"; char argv0_path[PATH_MAX]; char* arg; @@ -1480,12 +1480,20 @@ int main(int argc, char* argv[]) { * change any time. Do not rely on it being present. We might even limit this * functionality specifically for builds used by appimaged. */ - if (getenv("TARGET_APPIMAGE") == NULL) { - strcpy(appimage_path, "/proc/self/exe"); - strcpy(argv0_path, argv[0]); + const char* const TARGET_APPIMAGE = getenv("TARGET_APPIMAGE"); + if (TARGET_APPIMAGE == NULL) { + char *res = memccpy(argv0_path, argv[0], '\0', sizeof(argv0_path)); + if (res == NULL) { + fprintf(stderr, "Program name too big\n"); + exit(EXIT_EXECERROR); + } } else { - strcpy(appimage_path, getenv("TARGET_APPIMAGE")); - strcpy(argv0_path, getenv("TARGET_APPIMAGE")); + char *res1 = memccpy(appimage_path, TARGET_APPIMAGE, '\0', sizeof(appimage_path)); + char *res2 = memccpy(argv0_path, TARGET_APPIMAGE, '\0', sizeof(argv0_path)); + if (res1 == NULL || res2 == NULL) { + fprintf(stderr, "TARGET_APPIMAGE environment variable too big\n"); + exit(EXIT_EXECERROR); + } } // temporary directories are required in a few places @@ -1494,8 +1502,13 @@ int main(int argc, char* argv[]) { { const char* const TMPDIR = getenv("TMPDIR"); - if (TMPDIR != NULL) - strcpy(temp_base, getenv("TMPDIR")); + if (TMPDIR != NULL) { + char *res = memccpy(temp_base, TMPDIR, '\0', sizeof(temp_base)); + if (res == NULL) { + fprintf(stderr, "TMPDIR environemnt variable too big\n"); + exit(EXIT_EXECERROR); + } + } } fs_offset = appimage_get_elf_size(appimage_path);