From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:59274) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TJjKY-0002J9-D0 for qemu-devel@nongnu.org; Thu, 04 Oct 2012 07:11:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TJjKT-0003Gm-G8 for qemu-devel@nongnu.org; Thu, 04 Oct 2012 07:11:02 -0400 Received: from mx.meyering.net ([88.168.87.75]:57000 helo=hx.meyering.net) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TJjKT-0003GM-3r for qemu-devel@nongnu.org; Thu, 04 Oct 2012 07:10:57 -0400 From: Jim Meyering Date: Thu, 4 Oct 2012 13:09:46 +0200 Message-Id: <1349349003-15672-4-git-send-email-jim@meyering.net> In-Reply-To: <1349349003-15672-1-git-send-email-jim@meyering.net> References: <1349349003-15672-1-git-send-email-jim@meyering.net> Subject: [Qemu-devel] [PATCHv3 03/20] block: avoid buffer overrun by using pstrcpy, not strncpy List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Jim Meyering From: Jim Meyering Also, use PATH_MAX, rather than the arbitrary 1024. Using PATH_MAX is more consistent with other filename-related variables in this file, like backing_filename and tmp_filename. Acked-by: Kevin Wolf Signed-off-by: Jim Meyering --- block.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/block.c b/block.c index 751ebdc..b62432c 100644 --- a/block.c +++ b/block.c @@ -1503,7 +1503,7 @@ int bdrv_commit(BlockDriverState *bs) int n, ro, open_flags; int ret = 0; uint8_t *buf; - char filename[1024]; + char filename[PATH_MAX]; if (!drv) return -ENOMEDIUM; @@ -1517,7 +1517,8 @@ int bdrv_commit(BlockDriverState *bs) } ro = bs->backing_hd->read_only; - strncpy(filename, bs->backing_hd->filename, sizeof(filename)); + /* Use pstrcpy (not strncpy): filename must be NUL-terminated. */ + pstrcpy(filename, sizeof(filename), bs->backing_hd->filename); open_flags = bs->backing_hd->open_flags; if (ro) { -- 1.8.0.rc0.18.gf84667d