On 03/03/11 14:06, Stefan Hajnoczi wrote:
> On Thu, Mar 3, 2011 at 10:44 AM, <jes.soren...@redhat.com> wrote:
>> + char old_filename[1024];
>> +
>> + old_filename[1023] = '\0';
>>
>> if (!filename) {
>> qerror_report(QERR_MISSING_PARAMETER, "snapshot_file");
>> @@ -591,6 +594,10 @@ int do_snapshot_blkdev(Monitor *mon, const QDict *qdict, QObject **ret_data)
>> goto out;
>> }
>>
>> + strncpy(old_filename, bs->filename, 1024);
>
> strncpy does not NUL-terminate if you reach the maximum length. The
> source buffer is 1024 chars so we should be fine unless there is a bug
> somewhere else too, but please move the old_filename[1023] = '\0'
> after the strncpy and use sizeof(old_filename) as the maximum instead
> of 1024.
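Review bot: The `strncpy(old_filename, bs->filename, 1024)` in the second hunk runs after the `old_filename[1023] = '\0'` added in the first hunk, so whenever `bs->filename` holds 1024 non-NUL bytes the copy overwrites the terminator and `old_filename` is left unterminated for whatever reads it later. Move the terminator write to directly after the copy and bound the copy with `sizeof(old_filename)` instead of a second literal 1024, so the array size and the limit cannot drift apart:

    strncpy(old_filename, bs->filename, sizeof(old_filename));
    old_filename[sizeof(old_filename) - 1] = '\0';

QEMU's own pstrcpy(old_filename, sizeof(old_filename), bs->filename) does the same in one call and always terminates.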
Good point, I was trying to catch it but got it backwards :(

Cheers,
Jes
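The strncpy pitfall Stefan describes, as an added example that is not part of the thread or of QEMU: both orderings of the terminator write are run against a constructed 1024-character source (the case where the copy fills the whole buffer) and against a short path, and a bounded memchr check reports whether the destination ended up NUL-terminated. The `FILENAME_LEN` size and the `old_filename` name mirror the hunk; everything else is assumed for illustration.

```c
/* Added example (not QEMU code): how the order of the terminator write and
 * strncpy() decides whether the destination is NUL-terminated.
 * FILENAME_LEN assumes the 1024-byte size used in the hunk. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FILENAME_LEN 1024

/* Bounded check: is there a NUL anywhere in the first n bytes?  Safe to call
 * on a buffer that strncpy() left unterminated, unlike strlen(). */
static bool is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Ordering from the posted hunk: terminator first, then strncpy() with the
 * full buffer size.  If src has at least dst_size non-NUL bytes, strncpy()
 * writes every byte of dst and the pre-set terminator is overwritten. */
static bool copy_as_posted(char *dst, size_t dst_size, const char *src)
{
    dst[dst_size - 1] = '\0';
    strncpy(dst, src, dst_size);
    return is_terminated(dst, dst_size);
}

/* Ordering requested in review: copy with sizeof(dst), then force the last
 * byte to NUL.  An over-long source loses one byte instead of its terminator. */
static bool copy_as_suggested(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    dst[dst_size - 1] = '\0';
    return is_terminated(dst, dst_size);
}

/* Constructed input: n 'A's, a path that exactly fills an n-byte buffer. */
static void make_long_source(char *src, size_t n)
{
    memset(src, 'A', n);
    src[n] = '\0';
}

bool posted_handles_long_source(void)
{
    char src[FILENAME_LEN + 1];
    char old_filename[FILENAME_LEN];
    make_long_source(src, FILENAME_LEN);
    return copy_as_posted(old_filename, sizeof(old_filename), src);
}

bool suggested_handles_long_source(void)
{
    char src[FILENAME_LEN + 1];
    char old_filename[FILENAME_LEN];
    make_long_source(src, FILENAME_LEN);
    return copy_as_suggested(old_filename, sizeof(old_filename), src);
}

/* With the suggested ordering the result is terminated, so strlen() is safe;
 * it reports the one-byte truncation (1023 of the 1024 source bytes). */
size_t suggested_copied_length(void)
{
    char src[FILENAME_LEN + 1];
    char old_filename[FILENAME_LEN];
    make_long_source(src, FILENAME_LEN);
    copy_as_suggested(old_filename, sizeof(old_filename), src);
    return strlen(old_filename);
}

/* A short source fits, and strncpy() pads the rest with NULs, so both
 * orderings terminate: the bug only shows on buffer-filling input. */
bool posted_handles_short_source(void)
{
    char old_filename[FILENAME_LEN];
    return copy_as_posted(old_filename, sizeof(old_filename),
                          "/var/lib/images/disk.qcow2");
}

int main(void)
{
    printf("posted ordering, 1024-char source terminated:    %s\n",
           posted_handles_long_source() ? "yes" : "no");
    printf("suggested ordering, 1024-char source terminated: %s\n",
           suggested_handles_long_source() ? "yes" : "no");
    printf("suggested ordering keeps %zu of 1024 chars\n",
           suggested_copied_length());
    printf("posted ordering, short source terminated:        %s\n",
           posted_handles_short_source() ? "yes" : "no");
    return 0;
}
```

The short-source case is why the posted version passes casual testing: only an input that fills the buffer exposes the overwritten terminator, and strlen() on that result would read past the array.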