fix(deps) ia32_insn potentially unsafe call to strncat #84

Open. 1 commit to be merged into base: master.

@odaysec commented May 19, 2025

```c
        strncat(insn->prefix_string, "lock ", 32 -
                strlen(insn->prefix_string));
    }
    if ( (unsigned int)insn->prefix & PREFIX_REPNZ ) {
        strncat(insn->prefix_string, "repnz ", 32 -
                strlen(insn->prefix_string));
    } else if ( (unsigned int)insn->prefix & PREFIX_REPZ ) {
        strncat(insn->prefix_string, "repz ", 32 -
                strlen(insn->prefix_string));
```

To fix the issue, we need to ensure that the `strncat` function does not write beyond the bounds of the `insn->prefix_string` buffer. This can be achieved by explicitly defining the size of the buffer and ensuring that the third argument to `strncat` accounts for the null-terminator. The calculation should be updated to `sizeof(insn->prefix_string) - strlen(insn->prefix_string) - 1`, which reserves space for the null-terminator. Additionally, we should verify that `insn->prefix_string` is properly initialized and null-terminated before any concatenation operations.


Improper Restriction of Operations within the Bounds of a Memory Buffer

The standard library function strncat appends a source string to a target string. The third argument defines the maximum number of characters to append and should be less than or equal to the remaining space in the destination buffer. Calls of the form strncat(dest, src, strlen(dest)) or strncat(dest, src, sizeof(dest)) set the third argument to the entire size of the destination buffer. Executing a call of this type may cause a buffer overflow unless the buffer is known to be empty. Similarly, calls of the form strncat(dest, src, sizeof (dest) - strlen (dest)) allow one byte to be written outside the dest buffer. Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.

strncat, strncpy
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
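The one-byte overrun described above, worked through for a 32-byte buffer. This is an added example, not code from this pull request or the project: `bytes_after_strncat`, `prefix_append` and the 26-character starting length are constructed for illustration, and the 32-byte size is assumed from the literal `32` in the excerpt.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX_BUF 32 /* assumed buffer size, from the literal 32 in the excerpt */

/* Bytes dest occupies after strncat(dest, src, n): the old characters, the
 * appended characters (at most n), plus the NUL strncat always writes. */
size_t bytes_after_strncat(size_t dest_len, const char *src, size_t n)
{
    size_t add = strlen(src);
    if (add > n)
        add = n;
    return dest_len + add + 1;
}

/* Bounded append (hypothetical helper). Returns 0 if src fit completely,
 * -1 if it was truncated or dest had no NUL inside its size bytes. */
int prefix_append(char *dest, size_t size, const char *src)
{
    const char *nul = memchr(dest, '\0', size);
    if (nul == NULL)
        return -1;                    /* size - strlen(dest) would wrap around */
    size_t room = size - (size_t)(nul - dest) - 1;
    strncat(dest, src, room);         /* writes at most room chars plus NUL */
    return strlen(src) <= room ? 0 : -1;
}

/* Constructed case: 26 characters already present, then "repnz " is appended. */
size_t demo_final_len(void)
{
    char buf[PREFIX_BUF];
    memset(buf, 'x', 26);
    buf[26] = '\0';
    prefix_append(buf, sizeof buf, "repnz ");
    return strlen(buf);
}

int main(void)
{
    size_t used = 26;
    printf("bound 32 - strlen:     %zu bytes in a %d-byte buffer\n",
           bytes_after_strncat(used, "repnz ", PREFIX_BUF - used), PREFIX_BUF);
    printf("bound 32 - strlen - 1: %zu bytes\n",
           bytes_after_strncat(used, "repnz ", PREFIX_BUF - used - 1));
    printf("prefix_append leaves strlen = %zu\n", demo_final_len());
    return 0;
}
```

The `memchr` check covers the case the `- 1` correction alone does not: if the buffer is not null-terminated within its bounds, the unsigned subtraction wraps and the bound becomes huge.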
