On Fri, Nov 23, 2012 at 01:25:55PM +0100, Hans de Goede wrote:
> On 11/23/2012 01:18 PM, Christophe Fergeau wrote:
> >spice_server_set_ticket and spice_server_set_addr get (library)
> >user-provided strings as arguments, and copy them to fixed-size
> >buffers using strncpy. However, if these strings are too long,
> >the copied string will not be 0-terminated, which will cause issues
> >later. This commit copies one byte less than the size of the
> >destination buffer. In both cases, this buffer is a static global
> >variable, so its memory will be set to 0.
>
> You're being too clever here, this commit message may explain
> why explicitly adding the terminating 0 is not necessary even
> though it usually is with strncpy, but someone just reading the
> code won't know that.

I agree with you that it's quite magic, I just imitated what was done
elsewhere in this file where strncpy is used.

>
> Also because of being way too easy to mis-use strncpy should just
> die! So I suggest you redo this patch using snprintf instead
> of strncpy, like this:
>
> snprintf(dst, sizeof(dst), "%s", src);

I'll post a followup patch replacing these sizeof()-1 with something else,
though I have a slight preference for adding a spice_strncpy which always
nul-terminates the string. Are you ok with that, or do you prefer that we
use snprintf?

Christophe
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
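The copy patterns discussed in this thread, compared side by side as an added example that is not part of the original mails or of the SPICE code. BUF_LEN, the copy_* names and the input string are constructed for illustration, and copy_terminated is a hypothetical sketch of an always-terminating helper, not the spice_strncpy proposed above.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8 /* constructed size for the demo, not a SPICE value */

/* Original pattern: a too-long src fills dst and leaves no terminator. */
static void copy_full(char *dst, size_t len, const char *src)
{
    strncpy(dst, src, len);
}

/* len - 1 pattern: terminated only if dst[len - 1] was already 0. */
static void copy_minus_one(char *dst, size_t len, const char *src)
{
    strncpy(dst, src, len - 1);
}

/* Hypothetical helper (assumption, not SPICE code): truncates if needed
 * and writes the terminator itself, whatever dst held before. */
static void copy_terminated(char *dst, size_t len, const char *src)
{
    if (len == 0)
        return;
    strncpy(dst, src, len - 1);
    dst[len - 1] = '\0';
}

/* The snprintf form from the thread: truncates and always terminates. */
static void copy_snprintf(char *dst, size_t len, const char *src)
{
    snprintf(dst, len, "%s", src);
}

/* Prefill a buffer (0 mimics a static global, 'X' mimics stack or reused
 * memory), copy an over-long input, report whether a NUL is present. */
static int terminated_after(void (*copy)(char *, size_t, const char *),
                            int prefill)
{
    char buf[BUF_LEN];
    memset(buf, prefill, sizeof(buf));
    copy(buf, sizeof(buf), "constructed-overlong-input");
    return memchr(buf, '\0', sizeof(buf)) != NULL;
}

int main(void)
{
    printf("full/zeroed=%d minus1/zeroed=%d minus1/dirty=%d helper=%d snprintf=%d\n",
           terminated_after(copy_full, 0), terminated_after(copy_minus_one, 0),
           terminated_after(copy_minus_one, 'X'), terminated_after(copy_terminated, 'X'),
           terminated_after(copy_snprintf, 'X'));
    return 0;
}
```

The `minus1/dirty` case is the one a reader of the code cannot rule out without knowing the destination is a zero-initialised static.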