From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from [140.186.70.92] (port=40731 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OKQi2-000134-9u for qemu-devel@nongnu.org; Fri, 04 Jun 2010 02:48:51 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OKQi1-0005jh-5R for qemu-devel@nongnu.org; Fri, 04 Jun 2010 02:48:50 -0400
Received: from mx1.redhat.com ([209.132.183.28]:53068) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OKQi0-0005jX-UT for qemu-devel@nongnu.org; Fri, 04 Jun 2010 02:48:49 -0400
Message-ID: <4C089E82.3040000@redhat.com>
Date: Fri, 04 Jun 2010 02:34:42 -0400
From: john cooper
MIME-Version: 1.0
References: <4BAAF58E.4050507@redhat.com> <4C07FE08.9020708@codemonkey.ws>
In-Reply-To: <4C07FE08.9020708@codemonkey.ws>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH 2/4] Add virtio disk identification support
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: Anthony Liguori
Cc: john.cooper@redhat.com, Rusty Russell , Marc Haber , qemu-devel@nongnu.org

Anthony Liguori wrote:
> On 03/25/2010 12:33 AM, john cooper wrote:
>> Fix bug which truncated serial string to 8 bytes, nul terminate.
>>
>> Signed-off-by: john cooper
>> ---
>>
>> diff --git a/vl.c b/vl.c >> index d69250c..b74cbba 100644 >> --- a/vl.c >> +++ b/vl.c
>> @@ -1162,7 +1162,7 @@ DriveInfo *drive_init(QemuOpts *opts, void *opaque, >> dinfo->on_write_error = on_write_error; >> dinfo->opts = opts; >> if (serial) >> - strncpy(dinfo->serial, serial, sizeof(serial)); >> + strncpy(dinfo->serial, serial, sizeof(dinfo->serial) - 1); >>
>
> You need to explicitly add a null terminator. Far better to just never
> use strncpy().

As previous this is a case where dinfo->serial[] is defined
as BLOCK_SERIAL_STRLEN + 1 bytes as an internal convenience.
Above the context of the patch here is a:

    dinfo = qemu_mallocz(sizeof(*dinfo));

which assures this will do as intended, namely copy
all potential BLOCK_SERIAL_STRLEN bytes and assure they
are nul terminated should the full length be present.

I didn't conjure up the existing logic but rather am
trying to peacefully coexist with it.

-john

-- 
john.cooper@redhat.com
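
Review bot: the added `strncpy(dinfo->serial, serial, sizeof(dinfo->serial) - 1);` never writes the last byte of `dinfo->serial`, so termination depends on the buffer already being zero, and none of the hunk's context lines show that. The reply points to `dinfo = qemu_mallocz(sizeof(*dinfo));` above the hunk, which covers the case as the code stands, but the dependency is silent: any later change that fills or reuses `dinfo->serial` before this copy would leave a full-length serial unterminated. Suggest making the guarantee local with `dinfo->serial[sizeof(dinfo->serial) - 1] = '\0';` directly after the copy, or at minimum a one-line comment stating that the copy relies on the zeroed allocation. The commit message would also be clearer if it said that the removed line took `sizeof(serial)`, the size of the source argument rather than of the destination, as the cause of the 8-byte truncation.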