On 5 April 2018 at 18:13, Adam Jackson <a...@redhat.com> wrote:
> This threw:
>
> ../hw/dmx/input/dmxarg.c: In function ‘dmxArgParse’:
> ../hw/dmx/input/dmxarg.c:128:5: warning: ‘strncpy’ specified bound depends on 
> the length of the source argument [-Wstringop-overflow=]
>      strncpy(tmp, string, len);
>      ^~~~~~~~~~~~~~~~~~~~~~~~~
> ../hw/dmx/input/dmxarg.c:126:11: note: length computed here
>      len = strlen(string) + 2;
>            ^~~~~~~~~~~~~~
>
> This code predates xstrtokenize, but that's no excuse.
>
> Signed-off-by: Adam Jackson <a...@redhat.com>
> ---
>  hw/dmx/input/dmxarg.c | 23 +++++------------------
>  1 file changed, 5 insertions(+), 18 deletions(-)
>
> diff --git a/hw/dmx/input/dmxarg.c b/hw/dmx/input/dmxarg.c
> index 6c21ae959a..582ed3faa6 100644
> --- a/hw/dmx/input/dmxarg.c
> +++ b/hw/dmx/input/dmxarg.c
> @@ -114,30 +114,17 @@ dmxArgC(dmxArg a)
>  dmxArg
>  dmxArgParse(const char *string)
>  {
> -    char *tmp;
> -    char *start, *pt;
> +    int i = 0;
>      dmxArg a = dmxArgCreate();
This allocates 2 pointers in a->argv

> -    int done;
> -    int len;
>
>      if (!string)
>          return a;
>
> -    len = strlen(string) + 2;
> -    tmp = malloc(len);
> -    strncpy(tmp, string, len);
> +    a->argv = (const char **)xstrtokenize(string, ",");
... and here we leak them.

I'd just open-code dmxArgCreate, above and remove that function
alongside the no longer used dmxArgAdd.

-Emil
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel

Reply via email to