> -----Original Message-----
> From: Thomas Monjalon [mailto:tho...@monjalon.net]
> Sent: Tuesday, May 22, 2018 10:48 AM
> To: Liu, Changpeng <changpeng....@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer
> overrun with safe copy API
>
> 18/05/2018 01:32, Changpeng Liu:
> > Signed-off-by: Changpeng Liu <changpeng....@intel.com>
>
> Missing explanations.
>
> > - strlcpy((char *)vpage->params, bdev->name,
> > - sizeof(vpage->params));
> > + vhost_strcpy_pad((char *)vpage->params, bdev->name,
> > + sizeof(vpage->params), ' ');
>
> Why do you think vhost_strcpy_pad is safer than strlcpy?
A code Coverity issue 279452 reported for strlcpy, so here replace with
internal API can avoid it.
>
> > - strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> > - strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
> > + snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
> > + snprintf(bdev->product_name, sizeof(bdev->product_name),
> > + "%s", bdev_serial);
>
> You should use strlcpy.
>
