diff options
author | Kaleb S. KEITHLE <kkeithle@redhat.com> | 2018-11-09 09:45:05 -0500 |
---|---|---|
committer | Amar Tumballi <amarts@redhat.com> | 2018-11-15 05:06:59 +0000 |
commit | 4a4ba1f2eb0be2da9e88560246730af87788295f (patch) | |
tree | bc0a3bc043e012efc60dc58e131abb47c50ce979 /tests/bitrot | |
parent | 76906af9d70fc784de728a70e3dbda62dece5e10 (diff) |
core: fix strncpy warnings
Since gcc-8.2.x (fedora-28 or so) gcc has been emitting warnings
about buggy use of strncpy.
Most uses that gcc warns about in our sources are exactly backwards;
the 'limit' or len is the strlen/size of the _source param_, giving
exactly zero protection against overruns. (Which was, after all, one
of the points of using strncpy in the first place.)
IOW, many warnings are about uses that look approximately like this:
...
char dest[8];
char src[] = "this is a string longer than eight chars";
...
strncpy (dest, src, sizeof(src)); /* boom */
...
The len/limit should be sizeof(dest).
Note: the above example has a definite over-run. In our source the
overrun is typically only theoretical (but possibly exploitable.)
Also strncpy doesn't null-terminate on truncation; snprintf does; prefer
snprintf over strncpy.
Mildly surprising that coverity doesn't warn/isn't warning about this.
Change-Id: I022d5c6346a751e181ad44d9a099531c1172626e
updates: bz#1193929
Signed-off-by: Kaleb S. KEITHLE <kkeithle@redhat.com>
Diffstat (limited to 'tests/bitrot')
0 files changed, 0 insertions, 0 deletions