From 9585de00e247b1597914073031dca6308a8c1a0a Mon Sep 17 00:00:00 2001
From: Saad Najmi
Date: Tue, 4 Mar 2025 03:37:55 -0600
Subject: [PATCH 1/2] chore(security): avoid use of `strcpy`
---
 src/symbolize.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/symbolize.cc b/src/symbolize.cc
index 6cb0e1222..da59738a5 100644
--- a/src/symbolize.cc
+++ b/src/symbolize.cc
@@ -832,8 +832,10 @@ static ATTRIBUTE_NOINLINE bool SymbolizeAndDemangle(
 Dl_info info;
 if (dladdr(pc, &info)) {
 if (info.dli_sname) {
- if (strlen(info.dli_sname) < out_size) {
- strcpy(out, info.dli_sname);
+ int name_length = strlen(info.dli_sname);
+ if (name_length < out_size) {
+ memcpy(out, info.dli_sname, name_length);
+ out[name_length] = '\0';
 // Symbolization succeeded. Now we try to demangle the symbol.
 DemangleInplace(out, out_size);
 return true;
From 184390ef4f0f8a19e20363b6d55bae769f9b63b1 Mon Sep 17 00:00:00 2001
From: Saad Najmi
Date: Mon, 31 Mar 2025 12:16:42 -0700
Subject: [PATCH 2/2] use strlcpy instead
---
 src/symbolize.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/symbolize.cc b/src/symbolize.cc
index da59738a5..e5c3a7f4c 100644
--- a/src/symbolize.cc
+++ b/src/symbolize.cc
@@ -834,8 +834,7 @@ static ATTRIBUTE_NOINLINE bool SymbolizeAndDemangle(
 if (info.dli_sname) {
 int name_length = strlen(info.dli_sname);
 if (name_length < out_size) {
- memcpy(out, info.dli_sname, name_length);
- out[name_length] = '\0';
+ strlcpy(out, info.dli_sname, name_length);
 // Symbolization succeeded. Now we try to demangle the symbol.
 DemangleInplace(out, out_size);
 return true;
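Review bot: `int name_length = strlen(info.dli_sname);` narrows the `size_t` returned by strlen to `int`, and the following `name_length < out_size` then mixes signedness if `out_size` is a `size_t` (its declaration is outside the hunk, so that is an assumption). Because this value is both the `memcpy` length and the index of the terminator write, it should stay unsigned and full-width: `size_t name_length = strlen(info.dli_sname);`. The same declaration is carried unchanged into patch 2/2 of this series. The body of SymbolizeAndDemangle starts and ends outside the hunk.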
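Review bot: `strlcpy(out, info.dli_sname, name_length);` passes the source length where strlcpy expects the size of the destination buffer, so at most `name_length - 1` bytes are copied and every symbol name loses its last character before `DemangleInplace` runs. For an empty name the size argument is 0, strlcpy writes nothing, and `out` is handed on without a terminator written by this code. The bound should be the buffer size, `strlcpy(out, info.dli_sname, out_size);`, which the preceding length check already guarantees is large enough. strlcpy is also not provided by every libc, and the hunk does not show whether this dladdr branch only builds where it exists, so a portability guard may be needed. The enclosing function continues outside the hunk.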