From: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Date: Thu, 24 Mar 2016 12:43:31 +0100
Subject: use-safe-string-functions

===================================================================
---
 files.c  |  8 ++------
 pbests.c | 15 ++++-----------
 2 files changed, 6 insertions(+), 17 deletions(-)

diff --git a/files.c b/files.c
index b9bf110..97efaae 100644
--- a/files.c
+++ b/files.c
@@ -104,9 +104,7 @@ int SourceHomeFile(GameStats* Game)
 		perror("SourceHomeFile::getenv");
 		return 1;
 	}
-	strcpy(Pathname,Buffer);
-	strcat(Pathname,"/");
-	strcat(Pathname,DFL_PREFS_FILE);
+	snprintf(Pathname, MAX_LINE-1, "%s/%s", Buffer, DFL_PREFS_FILE);
 
 	if ((PrefsFile=fopen(Pathname,"r"))==NULL)
 	{
@@ -167,9 +165,7 @@ int WritePrefsFile(GameStats* Game)
 		return 1;
 	}
 
-	strcpy(Pathname,Buffer);
-	strcat(Pathname,"/");
-	strcat(Pathname,DFL_PREFS_FILE);
+	snprintf(Pathname, MAX_LINE-1, "%s/%s", Buffer, DFL_PREFS_FILE);
 
 	if ((PrefsFile=fopen(Pathname,"w"))==NULL)
 	{
diff --git a/pbests.c b/pbests.c
index 2fb687f..ba5c106 100644
--- a/pbests.c
+++ b/pbests.c
@@ -382,7 +382,7 @@ struct BestEntry* NewBestEntry(GameStats *Game)
 		SweepError("You do not have a username!");
 		buf = "unknown";
 	}
-	strcpy(b->name, buf);
+	strncpy(b->name, buf, sizeof(b->name)-1);
 
 	/* get the real time it was completed */
 	time(&now);
@@ -436,16 +436,9 @@ char* FPTBTF(void)
 /* full path to group best times file */
 char* FPTGBTF(void)
 {
-	char *fp = NULL;
-
-	/* get me some memory for the string */
-	fp = (char*)xmalloc(strlen(mkstr(SCORESDIR)) + 11);
-
-	/* make the full path */
-	strcpy(fp, mkstr(SCORESDIR));
-	strcat(fp, "/sweeptimes");
-
-	return fp;
+#define xmkstr(x) mkstr(x)
+	return strdup(xmkstr(SCORESDIR) "/sweeptimes");
+#undef xmkstr
 }
 #endif /* USE_GROUP_BEST_FILE */
 
