On Thu, Dec 3, 2015 at 12:49 PM, Mike Holmes <[email protected]> wrote:
> Fixes Bug 1905 - CID 154167: > > Calling strncpy with a maximum size argument of ODP_TABLE_NAME_LEN > bytes on destination array tbl->name of size ODP_TABLE_NAME_LEN bytes > might leave the destination string unterminated if the copied string is > also of the maximum size ODP_TABLE_NAME_LEN. > > Make the copy leave one char for the null terminator. > > Signed-off-by: Mike Holmes <[email protected]> > Reviewed-by: Bill Fischofer <[email protected]> > --- > helper/hashtable.c | 2 +- > helper/lineartable.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/helper/hashtable.c b/helper/hashtable.c > index 1121beb..e0f562e 100644 > --- a/helper/hashtable.c > +++ b/helper/hashtable.c > @@ -92,7 +92,7 @@ odph_table_t odph_hash_table_create(const char *name, > uint32_t capacity, > memset(tbl, 0, capacity << 20); > > tbl->init_cap = capacity << 20; > - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); > + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); > tbl->key_size = key_size; > tbl->value_size = value_size; > > diff --git a/helper/lineartable.c b/helper/lineartable.c > index b0759f9..68d9350 100644 > --- a/helper/lineartable.c > +++ b/helper/lineartable.c > @@ -73,7 +73,7 @@ odph_table_t odph_linear_table_create(const char *name, > uint32_t capacity, > > tbl->init_cap = capacity < 20; > > - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); > + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); > > /* for linear table, the key is just the index, without confict > * so we just need to record the value content > -- > 2.5.0 > > _______________________________________________ > lng-odp mailing list > [email protected] > https://lists.linaro.org/mailman/listinfo/lng-odp >
_______________________________________________ lng-odp mailing list [email protected] https://lists.linaro.org/mailman/listinfo/lng-odp
