On Wed, 2014-06-04 at 23:32 +0200, Rickard Strandqvist wrote: > Added a guaranteed null-terminate after call to strncpy. > > This was partly found using a static code analysis program called cppcheck. > > Signed-off-by: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> > --- > drivers/scsi/bfa/bfad_attr.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/bfa/bfad_attr.c b/drivers/scsi/bfa/bfad_attr.c > index 40be670..06aa3dd 100644 > --- a/drivers/scsi/bfa/bfad_attr.c > +++ b/drivers/scsi/bfa/bfad_attr.c > @@ -843,7 +843,8 @@ bfad_im_symbolic_name_show(struct device *dev, struct device_attribute *attr, > > bfa_fcs_lport_get_attr(&bfad->bfa_fcs.fabric.bport, &port_attr); > strncpy(symname, port_attr.port_cfg.sym_name.symname, > - BFA_SYMNAME_MAXLEN); > + sizeof(symname)); > + symname[sizeof(symname) - 1] = '\0'; So actually, this isn't the correct pattern for this type of potential problem, where the problem exists, the pattern is to replace strncpy() with strlcpy() which does a correct null termination on truncation. In this case I presume your static checker isn't sufficiently clever to see that there isn't a bug because port_attr.port_cfg.sym_name.symname is carefully copied to be NULL terminated and always less than BFA_SYMNAME_MAXLEN, so when copying out of it we can rely on the NULL termination fitting into BFA_SYMNAME_MAXLEN. James -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
