- strncpy(cmd, prefilter_cmd, sizeof(cmd) - 1);
- strcat(cmd, " ");
- strncat(cmd, fname, sizeof(cmd) - strlen(cmd) - 1);
- fp = popen(cmd, "r");
- if(!fp)
- return(-1);
+ char cmd[OS_MAXSTR];
+ size_t target_length = strlen(prefilter_cmd) + 1 + strlen(fname);
+ int res = snprintf(cmd, sizeof(cmd), "%s %s", prefilter_cmd, fname);
+ if (res < 0 || (unsigned int)res != target_length) {
+ return (-1);
+ }
+ fp = popen(cmd, "r");
+ if (!fp) {
+ return (-1);
+ }