As of the conversion to safe_strcpy() years ago there has been no need
anymore to use snprintf() to prevent storing a not-nul-terminated string.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/rangeset.c
+++ b/xen/common/rangeset.c
@@ -436,14 +436,7 @@ struct rangeset *rangeset_new(
BUG_ON(flags & ~RANGESETF_prettyprint_hex);
r->flags = flags;
- if ( name != NULL )
- {
- safe_strcpy(r->name, name);
- }
- else
- {
- snprintf(r->name, sizeof(r->name), "(no name)");
- }
+ safe_strcpy(r->name, name ?: "(no name)");
if ( (r->domain = d) != NULL )
{
Hi Jan, On 06/04/2021 09:50, Jan Beulich wrote: > As of the conversion to safe_strcpy() years ago there has been no need > anymore to use snprintf() to prevent storing a not-nul-terminated string. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <jgrall@amazon.com> > > --- a/xen/common/rangeset.c > +++ b/xen/common/rangeset.c > @@ -436,14 +436,7 @@ struct rangeset *rangeset_new( > BUG_ON(flags & ~RANGESETF_prettyprint_hex); > r->flags = flags; > > - if ( name != NULL ) > - { > - safe_strcpy(r->name, name); > - } > - else > - { > - snprintf(r->name, sizeof(r->name), "(no name)"); > - } > + safe_strcpy(r->name, name ?: "(no name)"); I realize the current code is not checking the return, but I wonder we should rather than silently truncating the string. This is not a new issue, so it can dealt separately if we decide to check the return. Cheers, -- Julien Grall
On 06.04.2021 15:44, Julien Grall wrote: > On 06/04/2021 09:50, Jan Beulich wrote: >> As of the conversion to safe_strcpy() years ago there has been no need >> anymore to use snprintf() to prevent storing a not-nul-terminated string. >> >> Signed-off-by: Jan Beulich <jbeulich@suse.com> > > Acked-by: Julien Grall <jgrall@amazon.com> Thanks. >> --- a/xen/common/rangeset.c >> +++ b/xen/common/rangeset.c >> @@ -436,14 +436,7 @@ struct rangeset *rangeset_new( >> BUG_ON(flags & ~RANGESETF_prettyprint_hex); >> r->flags = flags; >> >> - if ( name != NULL ) >> - { >> - safe_strcpy(r->name, name); >> - } >> - else >> - { >> - snprintf(r->name, sizeof(r->name), "(no name)"); >> - } >> + safe_strcpy(r->name, name ?: "(no name)"); > > I realize the current code is not checking the return, but I wonder we > should rather than silently truncating the string. The name field is used only for display purposes, so I guess truncation wouldn't really be a problem here. Jan
© 2016 - 2024 Red Hat, Inc.