From e195df4b50fbea464e9138e249e12f4a35a69b8c Mon Sep 17 00:00:00 2001
From: Peter Howkins <flibble@users.sf.net>
Date: Fri, 30 Mar 2018 22:09:47 +0100
Subject: [PATCH] dtudcfonted: Resolve further coverity issues

---
 cde/programs/dtudcfonted/cpyw.c                |  3 +--
 cde/programs/dtudcfonted/cpyx.c                | 18 +++++++++---------
 cde/programs/dtudcfonted/dtcpgpf/cpgpf.c       |  4 ++--
 cde/programs/dtudcfonted/dtgpftobdf/gpftobdf.c |  2 +-
 cde/programs/dtudcfonted/dtgpftocpf/gpftocpf.c |  5 ++++-
 cde/programs/dtudcfonted/include/udcopt.h      | 18 +++++++++---------
 cde/programs/dtudcfonted/include/udcutil.h     |  4 ++--
 cde/programs/dtudcfonted/libfal/_fallcCT.c     |  2 +-
 cde/programs/dtudcfonted/libfal/_fallcDB.c     |  8 ++++----
 .../dtudcfonted/libfal/_fallcDefConv.c         |  2 ++
 cde/programs/dtudcfonted/libfal/_fallcFile.c   |  4 ++--
 .../dtudcfonted/libfal/_fallcGenConv.c         |  2 +-
 .../dtudcfonted/libfal/_fallcGeneric.c         |  2 +-
 .../dtudcfonted/libfal/_falomGeneric.c         |  2 +-
 cde/programs/dtudcfonted/libfal/_faludcInf.c   |  4 ++++
 cde/programs/dtudcfonted/libfal/falfont.c      |  3 ++-
 cde/programs/dtudcfonted/libfal/readpcf.c      |  1 +
 cde/programs/dtudcfonted/libfuty/getfname.c    |  2 +-
 cde/programs/dtudcfonted/libfuty/oakfuty.c     |  4 ++--
 cde/programs/dtudcfonted/util.c                |  5 +----
 20 files changed, 51 insertions(+), 44 deletions(-)

diff --git a/cde/programs/dtudcfonted/cpyw.c b/cde/programs/dtudcfonted/cpyw.c
index 10227d6b..26a93023 100644
--- a/cde/programs/dtudcfonted/cpyw.c
+++ b/cde/programs/dtudcfonted/cpyw.c
@@ -137,8 +137,7 @@ String message;
     };
     static NButton BTN = NBUTTONS( buttons );
 
-    strcpy( bmsg, resource.mn_cpy_lost );
-    strcat( bmsg, message );
+    snprintf(bmsg, sizeof(bmsg), "%s%s", resource.mn_cpy_lost, message);
     SetItemLabel(&BTN, 0, resource.l_ok);
     SetItemLabel(&BTN, 1, resource.l_cancel);
     PopupNotice( cpyPtnW, bmsg, D_WARNING, &BTN, False, resource.l_warning_title);
diff --git a/cde/programs/dtudcfonted/cpyx.c b/cde/programs/dtudcfonted/cpyx.c
index 8f37f739..216dc936 100644
--- a/cde/programs/dtudcfonted/cpyx.c
+++ b/cde/programs/dtudcfonted/cpyx.c
@@ -548,13 +548,13 @@ font_init()
 	xlf_count = udc_count = sty_count = wls_count = hls_count = 0;
 	if (FalGetFontList(NULL, FAL_FONT_MASK_DEFINED |
 	    		FAL_FONT_MASK_UNDEFINED, &fontlist) == FAL_ERROR) {
-		strcpy(err, FAL_ERROR_STR);
+		snprintf(err, sizeof(err), "%s", FAL_ERROR_STR);
 		Error_message((Widget)NULL, err);
 		return;
 	}
 	if(fontlist->num == 0) {
 	        FalFreeFontList(fontlist);
-		strcpy(err, resource.mn_no_font);
+		snprintf(err, sizeof(err), "%s", resource.mn_no_font);
 		Error_message((Widget)NULL, err);
 		return;
 	}
@@ -622,15 +622,15 @@ font_init()
 						(XtCallbackProc)udc_call, NULL);
 	for (i=0; i < udc_count; i++) {
 		if(udc[i] == FAL_FONT_CS0)
-			sprintf(tmp, CS0);
+			snprintf(tmp, sizeof(tmp), "%s", CS0);
 		else if(udc[i] == FAL_FONT_CS1)
-			sprintf(tmp, CS1);
+			snprintf(tmp, sizeof(tmp), "%s", CS1);
 		else if(udc[i] == FAL_FONT_CS2)
-			sprintf(tmp, CS2);
+			snprintf(tmp, sizeof(tmp), "%s", CS2);
 		else if(udc[i] == FAL_FONT_CS3)
-			sprintf(tmp, CS3);
+			snprintf(tmp, sizeof(tmp), "%s", CS3);
 		else
-			sprintf(tmp, "Codeset %x?", udc[i]);
+			snprintf(tmp, sizeof(tmp), "Codeset %x?", udc[i]);
 		button1[i] = XmCreatePushButton(pull1, tmp, NULL, 0);
 		XtManageChild(button1[i]);
 		XtAddCallback(button1[i], XmNactivateCallback,
@@ -653,7 +653,7 @@ font_init()
 	XtAddCallback(button, XmNactivateCallback,
 						(XtCallbackProc)wls_call, NULL);
 	for (i=0; i < wls_count; i++) {
-		sprintf(tmp, "%d", wls[i]);
+		snprintf(tmp, sizeof(tmp), "%d", wls[i]);
 		button3[i] = XmCreatePushButton(pull3, tmp, NULL, 0);
 		XtManageChild(button3[i]);
 		XtAddCallback(button3[i], XmNactivateCallback,
@@ -665,7 +665,7 @@ font_init()
 	XtAddCallback(button, XmNactivateCallback,
 						(XtCallbackProc)hls_call, NULL);
 	for (i=0; i < hls_count; i++) {
-		sprintf(tmp, "%d", hls[i]);
+		snprintf(tmp, sizeof(tmp), "%d", hls[i]);
 		button4[i] = XmCreatePushButton(pull4, tmp, NULL, 0);
 		XtManageChild(button4[i]);
 		XtAddCallback(button4[i], XmNactivateCallback,
diff --git a/cde/programs/dtudcfonted/dtcpgpf/cpgpf.c b/cde/programs/dtudcfonted/dtcpgpf/cpgpf.c
index ddfc5bcb..e4be2542 100644
--- a/cde/programs/dtudcfonted/dtcpgpf/cpgpf.c
+++ b/cde/programs/dtudcfonted/dtcpgpf/cpgpf.c
@@ -1153,8 +1153,8 @@ char		*output;
 	char	fbuf[BUFSIZE], split[BUFSIZE] ;
 	char	*ep, *pix_sz, *point_sz, *rsl_x, *av_width, *char_set ;
 
-	strcpy( fbuf, font ) ;
-	strcpy( split, font ) ;
+	snprintf( fbuf, sizeof(fbuf), "%s", font ) ;
+	snprintf( split, sizeof(split), "%s", font ) ;
 	ep = fbuf ;
 	ep += strlen( fbuf ) ;
 	ep-- ;
diff --git a/cde/programs/dtudcfonted/dtgpftobdf/gpftobdf.c b/cde/programs/dtudcfonted/dtgpftobdf/gpftobdf.c
index 26cecbad..c7d59d8f 100644
--- a/cde/programs/dtudcfonted/dtgpftobdf/gpftobdf.c
+++ b/cde/programs/dtudcfonted/dtgpftobdf/gpftobdf.c
@@ -289,7 +289,7 @@ char	*argv[];
 	time(&clock);
 	tm = localtime(&clock);
 
-	strcpy( tmbuf, asctime(tm) ) ;
+	snprintf( tmbuf, sizeof(tmbuf), "%s", asctime(tm) ) ;
 
 	k = sprintf(bufp,"COMMENT    Created date : %s\n",tmbuf );
 	bufp += k-1;
diff --git a/cde/programs/dtudcfonted/dtgpftocpf/gpftocpf.c b/cde/programs/dtudcfonted/dtgpftocpf/gpftocpf.c
index 0a1af2e7..dc1b1572 100644
--- a/cde/programs/dtudcfonted/dtgpftocpf/gpftocpf.c
+++ b/cde/programs/dtudcfonted/dtgpftocpf/gpftocpf.c
@@ -570,7 +570,7 @@ FalGlyphRegion	*gr ;
 	int		err_flg = 0;
 	int		code_num;
 	char	*tmp;
-	FalGIInf	*gi ;
+	FalGIInf	*gi = NULL;
 	int		num_gi ;
 	int		i, code ;
 
@@ -600,6 +600,9 @@ FalGlyphRegion	*gr ;
 		}
 	    }	
 	}
+
+	XFree(gi);
+
 	if( !err_flg ) {
 	    for( i=0; i<num_gr; i++ ) {
 		if( (code_num >= gr[i].start) && (code_num <= gr[i].end) )
diff --git a/cde/programs/dtudcfonted/include/udcopt.h b/cde/programs/dtudcfonted/include/udcopt.h
index ce7c3687..5abe4996 100644
--- a/cde/programs/dtudcfonted/include/udcopt.h
+++ b/cde/programs/dtudcfonted/include/udcopt.h
@@ -42,8 +42,8 @@
 #define FONT_FILE_PARM	0
 
 #define	COMM_SNF_POPEN( permission, snf_file, out_file, ep, buf, command ) { \
-	strcpy( (buf), " -i " ) ; \
-	sprintf( (command), "%s %s > %s", bdftosnf, (buf), (out_file) ); \
+	snprintf( (buf), sizeof((buf)), " -i " ) ; \
+	snprintf( (command), sizeof((command)), "%s %s > %s", bdftosnf, (buf), (out_file) ); \
 }
 #define	COMM_SNF_FILEVERSION( snf_fd, finf, buf, permission ) { \
 	read( (snf_fd), (buf), sizeof(FontInfoRec) ); \
@@ -142,7 +142,7 @@
 #define	COMM_SETSTYLE_TO_FONTDATA( style, key, mask ) { \
 	if( style ) { \
 	    char	stylebuf[ BUFSIZE ] ; \
-	    strcpy( stylebuf, style ) ; \
+	    snprintf( stylebuf, sizeof(stylebuf), "%s", style ) ; \
 	    key.style.name = stylebuf ; \
 	    mask |= FAL_FONT_MASK_STYLE_NAME ; \
 	} \
@@ -244,13 +244,13 @@
 	    }\
 	} \
 	if ( ( (srch_path) = getenv( DTUDCFONTS ) ) == NULL ) { \
-	    sprintf( (list_d), "%s/%s", DTUDCFONTSLISTDIR, (list_file) ); \
-	    sprintf( (list_c), "%s/C/%s", DTUDCFONTSLISTDIR, (list_file) ); \
-	    sprintf( (list_l), "%s/%s/%s", DTUDCFONTSLISTDIR, (locale), (list_file) ); \
+	    snprintf( (list_d), sizeof(list_d), "%s/%s", DTUDCFONTSLISTDIR, (list_file) ); \
+	    snprintf( (list_c), sizeof(list_c), "%s/C/%s", DTUDCFONTSLISTDIR, (list_file) ); \
+	    snprintf( (list_l), sizeof(list_l), "%s/%s/%s", DTUDCFONTSLISTDIR, (locale), (list_file) ); \
 	} else { \
-	    sprintf( (list_d), "%s/%s", (srch_path), (list_file) ); \
-	    sprintf( (list_c), "%s/C/%s", (srch_path), (list_file) ); \
-	    sprintf( (list_l), "%s/%s/%s", (srch_path), (locale), (list_file) ); \
+	    snprintf( (list_d), sizeof(list_d), "%s/%s", (srch_path), (list_file) ); \
+	    snprintf( (list_c), sizeof(list_c), "%s/C/%s", (srch_path), (list_file) ); \
+	    snprintf( (list_l), sizeof(list_l), "%s/%s/%s", (srch_path), (locale), (list_file) ); \
 	} \
 }
 
diff --git a/cde/programs/dtudcfonted/include/udcutil.h b/cde/programs/dtudcfonted/include/udcutil.h
index 2ce7c701..9cd911b2 100644
--- a/cde/programs/dtudcfonted/include/udcutil.h
+++ b/cde/programs/dtudcfonted/include/udcutil.h
@@ -114,7 +114,7 @@ static	char	*udc_font_sp ;
 }
 
 #define GETXLFDELMSTR( sp, xlfdname, elm_num ) { \
-	strcpy( udc_font_str_buffer, (xlfdname) ) ; \
+	snprintf( udc_font_str_buffer, sizeof(udc_font_str_buffer), "%s", (xlfdname) ) ; \
 	udc_font_sp = udc_font_str_buffer ; \
 	udc_font_elm_cnt = 0 ;\
 	while(*udc_font_sp){\
@@ -137,7 +137,7 @@ static	char	*udc_font_sp ;
 }
 
 #define GETCHARSETSTR( char_set, xlfdname ) { \
-	strcpy( udc_font_str_buffer, (xlfdname) ) ; \
+	snprintf( udc_font_str_buffer, sizeof(udc_font_str_buffer), "%s", (xlfdname) ) ; \
 	POINTXLFDELM( (char_set), udc_font_str_buffer, XLFD_ELM_CHARSET_REGISTRY ) ; \
 	(char_set)++ ; \
 }
diff --git a/cde/programs/dtudcfonted/libfal/_fallcCT.c b/cde/programs/dtudcfonted/libfal/_fallcCT.c
index d4275e72..da1dc77c 100644
--- a/cde/programs/dtudcfonted/libfal/_fallcCT.c
+++ b/cde/programs/dtudcfonted/libfal/_fallcCT.c
@@ -413,7 +413,7 @@ _fallcParseCharSet(charset)
     if (charset->name) {
 	charset->xrm_name = falrmStringToQuark(charset->name);
 
-	strcpy(buf, charset->name);
+	snprintf(buf, sizeof(buf), "%s", charset->name);
 	if (ptr = strchr(buf, ':'))
 	    *ptr = '\0';
 	charset->xrm_encoding_name = falrmStringToQuark(buf);
diff --git a/cde/programs/dtudcfonted/libfal/_fallcDB.c b/cde/programs/dtudcfonted/libfal/_fallcDB.c
index 747f1894..18038336 100644
--- a/cde/programs/dtudcfonted/libfal/_fallcDB.c
+++ b/cde/programs/dtudcfonted/libfal/_fallcDB.c
@@ -478,7 +478,7 @@ static int
 append_value_list()
 {
     char **value_list = parse_info.value;
-    char *value;
+    char *value = NULL;
     int value_num = parse_info.value_num;
     int value_len = parse_info.value_len;
     char *str = parse_info.buf;
@@ -533,9 +533,9 @@ append_value_list()
     if(value_list){
 	Xfree((char **)value_list);
     }
-    if(value){
-	Xfree(value);
-    }
+
+    Xfree(value);
+
     parse_info.value = (char **)NULL;
     parse_info.value_num = 0;
     parse_info.value_len = 0;
diff --git a/cde/programs/dtudcfonted/libfal/_fallcDefConv.c b/cde/programs/dtudcfonted/libfal/_fallcDefConv.c
index 73f54da8..1b4a5271 100644
--- a/cde/programs/dtudcfonted/libfal/_fallcDefConv.c
+++ b/cde/programs/dtudcfonted/libfal/_fallcDefConv.c
@@ -271,6 +271,8 @@ create_conv(methods)
     if (conv == NULL)
 	return (XlcConv) NULL;
 
+    conv->state = NULL;
+
     state = (State) Xmalloc(sizeof(StateRec));
     if (state == NULL)
 	goto err;
diff --git a/cde/programs/dtudcfonted/libfal/_fallcFile.c b/cde/programs/dtudcfonted/libfal/_fallcFile.c
index a391a474..1e237807 100644
--- a/cde/programs/dtudcfonted/libfal/_fallcFile.c
+++ b/cde/programs/dtudcfonted/libfal/_fallcFile.c
@@ -289,10 +289,10 @@ _fallcResolveLocaleName(lc_name, full_name, language, territory, codeset)
     }
 
     if(name != NULL){
-	strcpy(buf, name);
+	snprintf(buf, sizeof(buf), "%s", name);
 	Xfree(name);
     }else{
-	strcpy(buf, lc_name);
+	snprintf(buf, sizeof(buf), "%s", lc_name);
     }
     if(full_name != NULL){
 	strcpy(full_name, buf);
diff --git a/cde/programs/dtudcfonted/libfal/_fallcGenConv.c b/cde/programs/dtudcfonted/libfal/_fallcGenConv.c
index acca6155..ec690b39 100644
--- a/cde/programs/dtudcfonted/libfal/_fallcGenConv.c
+++ b/cde/programs/dtudcfonted/libfal/_fallcGenConv.c
@@ -1489,7 +1489,7 @@ mbtocs(conv, from, from_left, to, to_left, args, num_args)
     XlcSide side;
 
     CodeSet codeset = NULL;
-    XlcCharSet charset;
+    XlcCharSet charset = NULL;
     ParseInfo parse_info;
     XPointer p;
 
diff --git a/cde/programs/dtudcfonted/libfal/_fallcGeneric.c b/cde/programs/dtudcfonted/libfal/_fallcGeneric.c
index 287dd1e4..30f8c06e 100644
--- a/cde/programs/dtudcfonted/libfal/_fallcGeneric.c
+++ b/cde/programs/dtudcfonted/libfal/_fallcGeneric.c
@@ -546,7 +546,7 @@ XLCdGenericPart *gen;
                 Xfree(charsetd->encoding_name);
             }
 */
-            tmp = (char *)Xmalloc(strlen(value[0]+1));
+            tmp = (char *)Xmalloc(strlen(value[0]) + 1);
             strcpy(tmp,value[0]);
             charsetd->encoding_name = tmp;
             charsetd->xrm_encoding_name =
diff --git a/cde/programs/dtudcfonted/libfal/_falomGeneric.c b/cde/programs/dtudcfonted/libfal/_falomGeneric.c
index 5cc7bbab..8ba835a0 100644
--- a/cde/programs/dtudcfonted/libfal/_falomGeneric.c
+++ b/cde/programs/dtudcfonted/libfal/_falomGeneric.c
@@ -726,7 +726,7 @@ parse_omit_name(oc, font_data, pattern)
 	}
     }
 
-    strcpy(buf, pattern);
+    snprintf(buf, sizeof(buf), "%s", pattern);
     length = strlen(pattern);
     last = buf + length - 1;
     if (length > 1 && *last == '*' && *(last - 1) == '-') {
diff --git a/cde/programs/dtudcfonted/libfal/_faludcInf.c b/cde/programs/dtudcfonted/libfal/_faludcInf.c
index f41e2a16..b6437320 100644
--- a/cde/programs/dtudcfonted/libfal/_faludcInf.c
+++ b/cde/programs/dtudcfonted/libfal/_faludcInf.c
@@ -331,6 +331,7 @@ char    *charsetname;
             if( !_fallcCompareISOLatin1(font_data[i].name,charset_str)){
                 for(k=0;k<font_data[i].scopes_num;k++){
 	            if( gi_to_vgi(gi,vgi,&(font_data[i].scopes[k])) == True){
+			XFree(font_data);
 			return(True);
                     }
 	        }
@@ -341,6 +342,7 @@ char    *charsetname;
     free_fontdata(font_data);
 */
     *vgi = gi;
+    XFree(font_data);
     return(True);
 }
 
@@ -607,12 +609,14 @@ char    *charsetname;
             for(k=0;k<font_data[i].scopes_num;k++){
 	        if( vgi_to_gi(glyph,vglyph,&(font_data[i].scopes[k])) == True){
 		    strcpy(charsetname,font_data[i].name);
+		    XFree(font_data);
 		    return(True);
                 }
 	    }
         }
     }
     *glyph = vglyph;
+    XFree(font_data);
     return(True);
 }
 int
diff --git a/cde/programs/dtudcfonted/libfal/falfont.c b/cde/programs/dtudcfonted/libfal/falfont.c
index 7b0c3769..51577730 100644
--- a/cde/programs/dtudcfonted/libfal/falfont.c
+++ b/cde/programs/dtudcfonted/libfal/falfont.c
@@ -274,6 +274,7 @@ int	lockflag;
 		    fal_utyerror = _FAL_OPEN_ER;
 		    fal_utyderror = errno;
 		    fal_utyerrno |= (FAL_FUNCNUM_OPNFNT<<8) ;
+		    close( fd );
 		    return (FalFontID)FAL_ERROR;
 		}
 	} else {
@@ -3086,7 +3087,7 @@ unsigned int	*glidx ;
 			    return	FAL_ERROR;
 		    }
 		    GETCHARSETSTR( char_set, tmp_data.xlfdname ) ;
-		    strcpy( charset_name, char_set ) ;
+		    snprintf( charset_name, sizeof(charset_name), "%s", char_set ) ;
 		}
 
 		/*
diff --git a/cde/programs/dtudcfonted/libfal/readpcf.c b/cde/programs/dtudcfonted/libfal/readpcf.c
index 2d19c6ba..1a214cab 100644
--- a/cde/programs/dtudcfonted/libfal/readpcf.c
+++ b/cde/programs/dtudcfonted/libfal/readpcf.c
@@ -848,6 +848,7 @@ FalFontData		*databuff ;
 	}else{
 		set_errfile_str( fal_err_file, finf->fname ) ;
 		fal_utyerrno = FAL_ERR_PROP_FNAME ;
+		free(fnt);
 		return( _FAL_TRY_NEXT ) ;
 	}
 
diff --git a/cde/programs/dtudcfonted/libfuty/getfname.c b/cde/programs/dtudcfonted/libfuty/getfname.c
index a0b3bd97..0193989b 100644
--- a/cde/programs/dtudcfonted/libfuty/getfname.c
+++ b/cde/programs/dtudcfonted/libfuty/getfname.c
@@ -1142,7 +1142,7 @@ char	**fontname ;
 		    ep++ ;
 		}
 		*ep = '\0' ;
-		strcpy(fntbuf, sp) ;
+		snprintf(fntbuf, sizeof(fntbuf), "%s", sp) ;
 		getstat |= 0x01 ;
 		fclose( fp );
 		if (head.snf_file != NULL) {
diff --git a/cde/programs/dtudcfonted/libfuty/oakfuty.c b/cde/programs/dtudcfonted/libfuty/oakfuty.c
index 5d51eee8..9c283124 100644
--- a/cde/programs/dtudcfonted/libfuty/oakfuty.c
+++ b/cde/programs/dtudcfonted/libfuty/oakfuty.c
@@ -1638,7 +1638,7 @@ char	*path;
 char	*cmd;
 #endif
 {
-	char	*cmd_path;
+	char	*cmd_path = NULL;
 	struct stat	st;
 	char	*end;
 	char	chr_sv;
@@ -1660,7 +1660,7 @@ char	*cmd;
 		    if( st.st_mode & S_IFREG ) {
 			cmd_path = realloc( cmd_path, strlen( cmd_path ) + 1 );
 			return	cmd_path;
-		    } else	continue ;
+		    }
 		}
 		FreeString( cmd_path ) ;
 	}
diff --git a/cde/programs/dtudcfonted/util.c b/cde/programs/dtudcfonted/util.c
index 7eb639fa..a0a3854c 100644
--- a/cde/programs/dtudcfonted/util.c
+++ b/cde/programs/dtudcfonted/util.c
@@ -954,10 +954,7 @@ Widget *footer;
 	if (strchr(buttons->items[i].label, buttons->items[i].mnemonic)){
 	    sprintf(buf, "%s", buttons->items[i].label);
 	}else{
-	    strcpy(buf, buttons->items[i].label);
-	    strcat(buf, "(");
-	    strcat(buf, &(buttons->items[i].mnemonic));
-	    strcat(buf, ")");
+	    snprintf(buf, sizeof(buf), "%s(%s)", buttons->items[i].label, &(buttons->items[i].mnemonic));
 	}
 	cs = XmStringCreateLocalized(buf);
 	XtSetArg(arg[n],XmNmnemonic, buttons->items[i].mnemonic ); n++;
-- 
2.25.1