gcc-8 complains:
tapdisk-vbd.c: In function 'tapdisk_vbd_resume_ring':
tapdisk-vbd.c:1671:53: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
snprintf(params.name, sizeof(params.name) - 1, "%s", message);
^
tapdisk-vbd.c:1671:3: note: 'snprintf' output between 1 and 256 bytes into a destination of size 255
snprintf(params.name, sizeof(params.name) - 1, "%s", message);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The "- 1" in buffer size should be actually applied to message, to leave
place for terminating '\0', not the other way around (truncate '\0' even
if it would fit).
In function 'tapdisk_control_open_image',
inlined from 'tapdisk_control_handle_request' at tapdisk-control.c:660:10:
tapdisk-control.c:465:2: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation]
strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'tapdisk_control_create_socket',
inlined from 'tapdisk_control_open' at tapdisk-control.c:836:9:
tapdisk-control.c:793:2: error: 'strncpy' specified bound 108 equals destination size [-Werror=stringop-truncation]
strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block-qcow.c: In function 'qcow_create':
block-qcow.c:1216:5: error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
strncpy(backing_filename, backing_file,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sizeof(backing_filename));
~~~~~~~~~~~~~~~~~~~~~~~~~
I those cases, reduce size of copied string and make sure final '\0' is
added.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-Acked-by: Juergen Gross <jgross@suse.com>
(cherry picked from commit
850e89b3ef1a7be6b71fa7ae22333c884e08431a)
if (p && (p - backing_file) >= 2) {
/* URL like but exclude "c:" like filenames */
strncpy(backing_filename, backing_file,
- sizeof(backing_filename));
+ sizeof(backing_filename) - 1);
+ backing_filename[sizeof(backing_filename) - 1] = '\0';
} else {
if (realpath(backing_file, backing_filename) == NULL ||
stat(backing_filename, &st) != 0) {
params.capacity = image.size;
params.sector_size = image.secsize;
- strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN);
+ strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN - 1);
+ params.name[BLKTAP2_MAX_MESSAGE_LEN - 1] = '\0';
err = ioctl(vbd->ring.fd, BLKTAP2_IOCTL_CREATE_DEVICE, ¶ms);
if (err && errno != EEXIST) {
}
memset(&saddr, 0, sizeof(saddr));
- strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path));
+ strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path) - 1);
saddr.sun_family = AF_UNIX;
err = bind(td_control.socket,
params.sector_size = image.secsize;
params.capacity = image.size;
- snprintf(params.name, sizeof(params.name) - 1, "%s", message);
+ snprintf(params.name, sizeof(params.name),
+ "%.*s", (int)sizeof(params.name) - 1, message);
ioctl(vbd->ring.fd, BLKTAP2_IOCTL_SET_PARAMS, ¶ms);
td_flag_clear(vbd->state, TD_VBD_PAUSED);
projects / xen.git / commitdiff