From d9cf16c0bee5b97fb76e0e1ad915a22bec0031b9 Mon Sep 17 00:00:00 2001 From: Xie Yongji Date: Wed, 6 Jul 2022 17:56:23 +0800 Subject: [PATCH] libvduse: Replace strcpy() with strncpy() Coverity reported a string overflow issue since we copied "name" to "dev_config->name" without checking the length. This should be a false positive since we already checked the length of "name" in vduse_name_is_invalid(). But anyway, let's replace strcpy() with strncpy() (as a general library, we'd like to minimize dependencies on other libraries, so we didn't use g_strlcpy() here) to fix the coverity complaint. Fixes: Coverity CID 1490224 Signed-off-by: Xie Yongji Reviewed-by: Markus Armbruster Message-Id: <20220706095624.328-3-xieyongji@bytedance.com> Signed-off-by: Kevin Wolf --- subprojects/libvduse/libvduse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c index 6374933881..1e36227388 100644 --- a/subprojects/libvduse/libvduse.c +++ b/subprojects/libvduse/libvduse.c @@ -1309,7 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id, goto err_dev; } - strcpy(dev_config->name, name); + strncpy(dev_config->name, name, VDUSE_NAME_MAX); + dev_config->name[VDUSE_NAME_MAX - 1] = '\0'; dev_config->device_id = device_id; dev_config->vendor_id = vendor_id; dev_config->features = features;