Just sent the same patch... oh well. Acked-by: Lukáš Hrázký <lhrazky@xxxxxxxxxx> On Wed, 2019-01-30 at 15:13 +0000, Frediano Ziglio wrote: > Avoid using strncpy, considered not secure. > In this case a simple memcpy is used, we are going to terminate > the string in any case on the next line. > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > server/red-stream-device.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/server/red-stream-device.c b/server/red-stream-device.c > index 440b2689..2a210cc7 100644 > --- a/server/red-stream-device.c > +++ b/server/red-stream-device.c > @@ -330,9 +330,9 @@ handle_msg_device_display_info(StreamDevice *dev, SpiceCharDeviceInstance *sin) > return true; > } > > - strncpy(dev->device_display_info.device_address, > - (char*) display_info_msg->device_address, > - device_address_len); > + memcpy(dev->device_display_info.device_address, > + (char*) display_info_msg->device_address, > + device_address_len); > > // make sure the string is terminated > dev->device_display_info.device_address[device_address_len - 1] = '\0'; _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel