On 6/21/2016 4:18 PM, Reshma Pattan wrote: > using source length in strncpy can cause destination > overflow if destination length is not big enough to > handle the source string. Changes are made to use destination > size instead of source length in strncpy. > > Coverity issue 127351: string overflow > > Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing") > > Signed-off-by: Reshma Pattan <reshma.pattan at intel.com> > --- > app/pdump/main.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/app/pdump/main.c b/app/pdump/main.c > index f8923b9..af92ef3 100644 > --- a/app/pdump/main.c > +++ b/app/pdump/main.c > @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value, void > *extra_args) > struct pdump_tuples *pt = extra_args; > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > - strncpy(pt->rx_dev, value, strlen(value)); > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1);
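Review bot: the `+` line in parse_rxtxdev() bounds the copy by `sizeof(pt->rx_dev)-1` but never writes a terminator. strncpy() adds no NUL when `value` is that many bytes or longer, so the result is a valid string only if the last byte of pt->rx_dev is already zero, and nothing in this hunk establishes that. Suggest setting `pt->rx_dev[sizeof(pt->rx_dev)-1] = '\0';` right after the copy, or switching to `snprintf(pt->rx_dev, sizeof(pt->rx_dev), "%s", value);`, and rejecting the argument when `value` does not fit instead of truncating it silently.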
I guess size-1 is to give room for the terminating null byte, but for this case is it guaranteed that pt->rx_dev last byte is NULL?
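The question above, as an added C example (not code from the patch or the project): it runs the patched strncpy pattern against a zeroed and a non-zeroed destination and compares it with a variant that writes the terminator explicitly. The struct, the 8-byte field size, the function names and the input strings are assumptions made for the illustration; only the field name `rx_dev` comes from the page.

```c
#include <stdio.h>
#include <string.h>

#define DEV_NAME_SIZE 8 /* constructed size; the real field size is not on the page */

/* Hypothetical stand-in for the struct in the patch. */
struct tuples {
    char rx_dev[DEV_NAME_SIZE];
};

/* Pattern from the patch: bounded by destination size, no explicit terminator.
 * Returns 1 if rx_dev holds a NUL within its bounds afterwards, else 0. */
int copy_as_patched(struct tuples *pt, const char *value)
{
    strncpy(pt->rx_dev, value, sizeof(pt->rx_dev) - 1);
    return memchr(pt->rx_dev, '\0', sizeof(pt->rx_dev)) != NULL;
}

/* Same copy with the terminator written explicitly.
 * Returns 0 on success, -1 if value did not fit and was truncated. */
int copy_terminated(struct tuples *pt, const char *value)
{
    strncpy(pt->rx_dev, value, sizeof(pt->rx_dev) - 1);
    pt->rx_dev[sizeof(pt->rx_dev) - 1] = '\0';
    return strlen(value) >= sizeof(pt->rx_dev) ? -1 : 0;
}

int main(void)
{
    struct tuples pt;
    const char *long_name = "net_pcap_rx_0"; /* constructed input, longer than the field */

    memset(&pt, 0xAA, sizeof(pt)); /* simulate memory that was never zeroed */
    printf("patched, dirty buffer:  terminated=%d\n", copy_as_patched(&pt, long_name));

    memset(&pt, 0, sizeof(pt)); /* zeroed buffer: the last byte stays NUL */
    printf("patched, zeroed buffer: terminated=%d\n", copy_as_patched(&pt, long_name));

    memset(&pt, 0xAA, sizeof(pt));
    int rc = copy_terminated(&pt, long_name);
    printf("explicit terminator:    rc=%d value=%s\n", rc, pt.rx_dev);
    return 0;
}
```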