mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libvduse: Replace strcpy() with strncpy()

Browse Source 
Coverity reported a string overflow issue since we copied
"name" to "dev_config->name" without checking the length.
This should be a false positive since we already checked
the length of "name" in vduse_name_is_invalid(). But anyway,
let's replace strcpy() with strncpy() (as a general library,
we'd like to minimize dependencies on other libraries, so we
didn't use g_strlcpy() here) to fix the coverity complaint.

Fixes: Coverity CID 1490224
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20220706095624.328-3-xieyongji@bytedance.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Xie Yongji 2022-07-06 17:56:23 +08:00 committed by Kevin Wolf
parent e7156ff7cb
commit d9cf16c0be
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
subprojects/libvduse/libvduse.c
View File

@ -1309,7 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
goto err_dev;
}
strcpy(dev_config->name, name);
strncpy(dev_config->name, name, VDUSE_NAME_MAX);
dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
dev_config->device_id = device_id;
dev_config->vendor_id = vendor_id;
dev_config->features = features;