diff options
| author | Jim Meyering | 2012-10-04 13:09:55 +0200 |
|---|---|---|
| committer | Anthony Liguori | 2012-10-05 14:58:37 +0200 |
| commit | e5fda03839e3c61b01d6c60de5625501d01c69d0 (patch) | |
| tree | c5087ac23b37454f1d35a65074178cf5208ac157 /hw/9pfs | |
| parent | ui/vnc: simplify and avoid strncpy (diff) | |
| download | qemu-e5fda03839e3c61b01d6c60de5625501d01c69d0.tar.gz qemu-e5fda03839e3c61b01d6c60de5625501d01c69d0.tar.xz qemu-e5fda03839e3c61b01d6c60de5625501d01c69d0.zip | |
bt: replace fragile snprintf use and unwarranted strncpy
In bt_hci_name_req a failed snprintf could return len larger than
sizeof(params.name), which means the following memset call would
have a "length" value of (size_t)-1, -2, etc... Sounds scary.
But currently, one can deduce that there is no problem:
strlen(slave->lmp_name) is guaranteed to be smaller than
CHANGE_LOCAL_NAME_CP_SIZE, which is the same as sizeof(params.name),
so this cannot happen. Regardless, there is no justification for
using snprintf+memset. Use pstrcpy instead.
Also, in bt_hci_event_complete_read_local_name, use pstrcpy in place
of unwarranted strncpy.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw/9pfs')
0 files changed, 0 insertions, 0 deletions