2 files changed, 17 insertions, 11 deletions

diff --git a/cpu_ref/rsCpuCore.cpp b/cpu_ref/rsCpuCore.cpp
index 43e45218..f4f9c4c9 100644
--- a/cpu_ref/rsCpuCore.cpp
+++ b/cpu_ref/rsCpuCore.cpp
@@ -483,7 +483,7 @@ static const int kFormatInBytesMax = 16;
 // ": " + 2 digits per byte + 1 separator between bytes + "..." + null
 typedef char FormatBuf[2 + kFormatInBytesMax*2 + (kFormatInBytesMax - 1) + 3 + 1];
 static const char *format_bytes(FormatBuf *outBuf, const uint8_t *inBuf, const int inBytes) {
-  strcpy(*outBuf, ": ");
+  strlcpy(*outBuf, ": ", sizeof(FormatBuf));
   int pos = 2;
   const int lim = std::min(kFormatInBytesMax, inBytes);
   for (int i = 0; i < lim; ++i) {
@@ -495,7 +495,7 @@ static const char *format_bytes(FormatBuf *outBuf, const uint8_t *inBuf, const i
     pos += 2;
   }
   if (kFormatInBytesMax < inBytes)
-    strcpy(*outBuf + pos, "...");
+    strlcpy(*outBuf + pos, "...", sizeof(FormatBuf) - pos);
   return *outBuf;
 }
 
diff --git a/cpu_ref/rsCpuExecutable.cpp b/cpu_ref/rsCpuExecutable.cpp
index 91d93556..fbc34935 100644
--- a/cpu_ref/rsCpuExecutable.cpp
+++ b/cpu_ref/rsCpuExecutable.cpp
@@ -299,6 +299,18 @@ static char* strgets(char *s, int size, const char **ppstr) {
     return s;
 }
 
+// Creates a duplicate of a string. The new string is as small as possible,
+// only including characters up to and including the first null-terminator;
+// otherwise, the new string will be the same size as the input string.
+// The code that calls duplicateString is responsible for the new string's
+// lifetime, and is responsible for freeing it when it is no longer needed.
+static char* duplicateString(const char *str, size_t length) {
+    const size_t newLen = strnlen(str, length-1) + 1;
+    char *newStr = new char[newLen];
+    strlcpy(newStr, str, newLen);
+    return newStr;
+}
+
 ScriptExecutable* ScriptExecutable::createFromSharedObject(
     void* sharedObj, uint32_t expectedChecksum) {
     char line[MAXLINE];
@@ -369,8 +381,7 @@ ScriptExecutable* ScriptExecutable::createFromSharedObject(
         }
         fieldAddress[i] = addr;
         fieldIsObject[i] = false;
-        fieldName[i] = new char[strlen(line)+1];
-        strcpy(fieldName[i], line);
+        fieldName[i] = duplicateString(line, sizeof(line));
     }
 
     if (strgets(line, MAXLINE, &rsInfo) == nullptr) {
@@ -623,13 +634,8 @@ ScriptExecutable* ScriptExecutable::createFromSharedObject(
             goto error;
         }
 
-        char *pKey = new char[strlen(key)+1];
-        strcpy(pKey, key);
-        pragmaKeys[i] = pKey;
-
-        char *pValue = new char[strlen(value)+1];
-        strcpy(pValue, value);
-        pragmaValues[i] = pValue;
+        pragmaKeys[i] = duplicateString(key, sizeof(key));
+        pragmaValues[i] = duplicateString(value, sizeof(value));
         //ALOGE("Pragma %zu: Key: '%s' Value: '%s'", i, pKey, pValue);
     }