Fix a number of complaints about feeding sizeof(dest) directly to
strncpy. We do this by feeding strncpy the length of the buffer minus
one, having checked that the allocated space are long enough.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Bill O'Donnell <billodo@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
struct xfs_mount *mp,
struct xfs_sb *sbp)
{
- if (cfg->label)
- strncpy(sbp->sb_fname, cfg->label, sizeof(sbp->sb_fname));
+ if (cfg->label) {
+ size_t label_len;
+
+ /*
+ * Labels are null terminated unless the string fits exactly
+ * in the label field, so assume sb_fname is zeroed and then
+ * do a memcpy because the destination isn't a normal C string.
+ */
+ label_len = min(sizeof(sbp->sb_fname), strlen(cfg->label));
+ memcpy(sbp->sb_fname, cfg->label, label_len);
+ }
sbp->sb_dblocks = cfg->dblocks;
sbp->sb_rblocks = cfg->rtblocks;
uint type)
{
char buffer[512];
- char devbuffer[512];
- char *dev = NULL;
+ char dev[512];
uint mask;
int cnt;
uint32_t id;
while (fgets(buffer, sizeof(buffer), fp) != NULL) {
if (strncmp("fs = ", buffer, 5) == 0) {
- dev = strncpy(devbuffer, buffer+5, sizeof(devbuffer));
+ /*
+ * Copy the device name to dev, strip off the trailing
+ * newline, and move on to the next line.
+ */
+ strncpy(dev, buffer + 5, sizeof(dev) - 1);
dev[strlen(dev) - 1] = '\0';
continue;
}