diff options
author | Xie Yongji <xieyongji@bytedance.com> | 2022-07-06 17:56:23 +0800 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2022-08-02 11:01:41 +0200 |
commit | d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9 (patch) | |
tree | a176f9a5f8f14ef9a7308af0be13a2e1c1c90e85 /subprojects/libvduse | |
parent | e7156ff7cb3ea79c5c859168484a216c431bdd5a (diff) | |
download | qemu-d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9.zip qemu-d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9.tar.gz qemu-d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9.tar.bz2 |
libvduse: Replace strcpy() with strncpy()
Coverity reported a string overflow issue since we copied
"name" to "dev_config->name" without checking the length.
This should be a false positive since we already checked
the length of "name" in vduse_name_is_invalid(). But anyway,
let's replace strcpy() with strncpy() (as a general library,
we'd like to minimize dependencies on other libraries, so we
didn't use g_strlcpy() here) to fix the coverity complaint.
Fixes: Coverity CID 1490224
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20220706095624.328-3-xieyongji@bytedance.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'subprojects/libvduse')
-rw-r--r-- | subprojects/libvduse/libvduse.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c index 6374933..1e36227 100644 --- a/subprojects/libvduse/libvduse.c +++ b/subprojects/libvduse/libvduse.c @@ -1309,7 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id, goto err_dev; } - strcpy(dev_config->name, name); + strncpy(dev_config->name, name, VDUSE_NAME_MAX); + dev_config->name[VDUSE_NAME_MAX - 1] = '\0'; dev_config->device_id = device_id; dev_config->vendor_id = vendor_id; dev_config->features = features; |