summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXie Yongji2022-07-06 11:56:23 +0200
committerKevin Wolf2022-08-02 11:01:41 +0200
commitd9cf16c0bee5b97fb76e0e1ad915a22bec0031b9 (patch)
treea176f9a5f8f14ef9a7308af0be13a2e1c1c90e85
parentlibvduse: Fix the incorrect function name (diff)
downloadqemu-d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9.tar.gz
qemu-d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9.tar.xz
qemu-d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9.zip
libvduse: Replace strcpy() with strncpy()
Coverity reported a string overflow issue since we copied "name" to "dev_config->name" without checking the length. This should be a false positive since we already checked the length of "name" in vduse_name_is_invalid(). But anyway, let's replace strcpy() with strncpy() (as a general library, we'd like to minimize dependencies on other libraries, so we didn't use g_strlcpy() here) to fix the coverity complaint. Fixes: Coverity CID 1490224 Signed-off-by: Xie Yongji <xieyongji@bytedance.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20220706095624.328-3-xieyongji@bytedance.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-rw-r--r--subprojects/libvduse/libvduse.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 6374933881..1e36227388 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1309,7 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
goto err_dev;
}
- strcpy(dev_config->name, name);
+ strncpy(dev_config->name, name, VDUSE_NAME_MAX);
+ dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
dev_config->device_id = device_id;
dev_config->vendor_id = vendor_id;
dev_config->features = features;