1. Patchew
  2. QEMU
  3. [PATCH 0/4] Fix some coverity issues on VDUSE
  4. View patch

[PATCH 2/4] libvduse: Replace strcpy() with strncpy()

Xie Yongji posted 4 patches 3 years, 7 months ago
Maintainers: Xie Yongji <xieyongji@bytedance.com>
There is a newer version of this series
[PATCH 2/4] libvduse: Replace strcpy() with strncpy()
Posted by Xie Yongji 3 years, 7 months ago 
Coverity reported a string overflow issue since we copied
"name" to "dev_config->name" without checking the length.
This should be a false positive since we already checked
the length of "name" in vduse_name_is_invalid(). But anyway,
let's replace strcpy() with strncpy() to fix the coverity
complaint.

Fixes: Coverity CID 1490224
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
---
 subprojects/libvduse/libvduse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 6374933881..1e36227388 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1309,7 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
         goto err_dev;
     }
 
-    strcpy(dev_config->name, name);
+    strncpy(dev_config->name, name, VDUSE_NAME_MAX);
+    dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
     dev_config->device_id = device_id;
     dev_config->vendor_id = vendor_id;
     dev_config->features = features;
-- 
2.20.1
Re: [PATCH 2/4] libvduse: Replace strcpy() with strncpy()
Posted by Markus Armbruster 3 years, 7 months ago 
Xie Yongji <xieyongji@bytedance.com> writes:

> Coverity reported a string overflow issue since we copied
> "name" to "dev_config->name" without checking the length.
> This should be a false positive since we already checked
> the length of "name" in vduse_name_is_invalid(). But anyway,
> let's replace strcpy() with strncpy() to fix the coverity
> complaint.

Mention why you can't use something nicer from GLib?

> Fixes: Coverity CID 1490224
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Re: [PATCH 2/4] libvduse: Replace strcpy() with strncpy()
Posted by Richard Henderson 3 years, 7 months ago 
On 6/27/22 14:32, Xie Yongji wrote:
> -    strcpy(dev_config->name, name);
> +    strncpy(dev_config->name, name, VDUSE_NAME_MAX);
> +    dev_config->name[VDUSE_NAME_MAX - 1] = '\0';

g_strlcpy

r~
Re: [PATCH 2/4] libvduse: Replace strcpy() with strncpy()
Posted by Yongji Xie 3 years, 7 months ago 
On Tue, Jun 28, 2022 at 8:26 AM Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 6/27/22 14:32, Xie Yongji wrote:
> > -    strcpy(dev_config->name, name);
> > +    strncpy(dev_config->name, name, VDUSE_NAME_MAX);
> > +    dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
>
> g_strlcpy
>

Now we don't have a dependency on glib, so we use strncpy here.

Thanks,
Yongji

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.