From b445e82bcba2c6aabae21afa371b40721e8cb387 Mon Sep 17 00:00:00 2001
From: ctf <fengzhaoxiang@kylinos.cn>
Date: Thu, 16 Apr 2026 09:31:33 +0800
Subject: [PATCH] tools: replace strcpy/strcat with snprintf

Potential buffer overflow when concatenating strings to fixed-size 255-byte statusbar buffer.

Fixes buffer overflow issue.
---
 src/tools/pw-top.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/tools/pw-top.c b/src/tools/pw-top.c
index 4c8036622..302449a35 100644
--- a/src/tools/pw-top.c
+++ b/src/tools/pw-top.c
@@ -582,23 +582,24 @@ static void do_refresh(struct data *d, bool force_refresh)
 
 	if (!d->batch_mode) {
 		char statusbar[255] = { 0 };
+		int len = 0;
 
 		if (!((filter->state == PW_NODE_STATE_ERROR) &&
 			(filter->followers == PW_NODE_STATE_ERROR))) {
 
-			strcpy(statusbar, "FILTER: ");
+			len = snprintf(statusbar, sizeof(statusbar), "FILTER: ");
 			if (filter->state == PW_NODE_STATE_ERROR)
-				strcat(statusbar, "ALL");
+				len += snprintf(statusbar + len, sizeof(statusbar) - len, "ALL");
 			else for (enum pw_node_state showstate = PW_NODE_STATE_RUNNING; showstate >= PW_NODE_STATE_ERROR; showstate--) {
 				if (showstate >= filter->state)
-					strcat(statusbar, state_as_string(showstate, SPA_IO_POSITION_STATE_STOPPED));
+					len += snprintf(statusbar + len, sizeof(statusbar) - len, "%s", state_as_string(showstate, SPA_IO_POSITION_STATE_STOPPED));
 			}
-			strcat(statusbar, "+");
+			len += snprintf(statusbar + len, sizeof(statusbar) - len, "+");
 			if (filter->followers == PW_NODE_STATE_ERROR)
-				strcat(statusbar, "ALL");
+				len += snprintf(statusbar + len, sizeof(statusbar) - len, "ALL");
 			else for (enum pw_node_state showstate = PW_NODE_STATE_RUNNING; showstate >= PW_NODE_STATE_ERROR; showstate--) {
 				if (showstate >= filter->followers)
-					strcat(statusbar, state_as_string(showstate, SPA_IO_POSITION_STATE_STOPPED));
+					len += snprintf(statusbar + len, sizeof(statusbar) - len, "%s", state_as_string(showstate, SPA_IO_POSITION_STATE_STOPPED));
 			}
 		}