On Tue, 17 Aug 2021, Nigel Croxon wrote: > To meet requirements of Common Criteria certification vulnerablility > assessment. Static code analysis has been run and found the following > error: > buffer_size_warning: Calling "strncpy" with a maximum size > argument of 16 bytes on destination array "ve->name" of > size 16 bytes might leave the destination string unterminated. > > The change is to make the destination size to fit the allocated size. > > Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx> > --- > super-ddf.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/super-ddf.c b/super-ddf.c > index dc8e512f..486183ed 100644 > --- a/super-ddf.c > +++ b/super-ddf.c > @@ -2637,9 +2637,10 @@ static int init_super_ddf_bvd(struct supertype *st, > ve->init_state = DDF_init_not; > > memset(ve->pad1, 0xff, 14); > - memset(ve->name, ' ', 16); > + memset(ve->name, ' ', 15); > + ve->name[15] = '\0'; > if (name) > - strncpy(ve->name, name, 16); > + strncpy(ve->name, name, 15); This is not correct. ve->name is *not* required to be nul-terminated. It is a string that can be up to 16 bytes long. If it is less than 16 bytes, it is nul-padded. Probably the way to get coverity to stop complaining is to use memcpy. if (name) { int l = strlen(name; if (l > 16) l = 16; memcpy(ve->name, name, l); } Probably the ->name should be initialized to '\0', not spaces. https://www.snia.org/sites/default/files/SNIA_DDF_Technical_Position_v2.0.pdf describes the format. Some fields are specified as being padded with spaces, but not VD_Name (which is ve->name). The field is specified as being either ASCII or "UNICODE" (which doesn't make any sense as "UNICODE" is not a byte-encoding. Presumably it means "UTF-8") and that: If this field is not used, all bytes MUST be set to zero. So it should probably be zero-padded. But there is definitely no requirement for it to be zero-terminated. Thanks, NeilBrown > ddf->virt->populated_vdes = > cpu_to_be16(be16_to_cpu(ddf->virt->populated_vdes)+1); > > -- > 2.29.2 > >