DtSvc: Coverity (memory corruption)

diff --git a/cde/lib/DtSvc/DtUtil1/DbUtil.c b/cde/lib/DtSvc/DtUtil1/DbUtil.c
index f431230f9efba8d48d7e2d21f3317fc024eb6829..0828860d20d5941ca9b0cedb2cdb5df988e34b86 100644 (file)
--- a/cde/lib/DtSvc/DtUtil1/DbUtil.c
+++ b/cde/lib/DtSvc/DtUtil1/DbUtil.c
@@ -736,6 +736,7 @@ _DtDbGetDataBaseEnv( void )
    char *nwh_dir;
    char *temp_buf;
    char *temp_s;
+   int slen = 0;
 
    nwh_dir = getenv ("HOME");
    /* 
@@ -745,9 +746,10 @@ _DtDbGetDataBaseEnv( void )
    if (( temp_s = getenv ("DTDATABASESEARCHPATH")))
       if ( *temp_s != 0 ) return XtNewString(temp_s);
 
-   temp_buf =
-     XtMalloc((2*strlen(nwh_dir)) + strlen(DTDATABASESEARCHPATH_DEFAULT) + 1);
-   sprintf (temp_buf, DTDATABASESEARCHPATH_DEFAULT, nwh_dir, nwh_dir);
+   slen = (2 * strlen(nwh_dir)) + strlen(DTDATABASESEARCHPATH_DEFAULT) + 1;
+   temp_buf = XtCalloc(1, slen);
+   snprintf (temp_buf, slen - 1,
+             DTDATABASESEARCHPATH_DEFAULT, nwh_dir, nwh_dir);
    return temp_buf;
 
 }