[Spice-devel] [PATCH spice-server] red-stream-device: Fix "make syntax-check"

Frediano Ziglio fziglio at redhat.com
Wed Jan 30 15:13:06 UTC 2019


Avoid using strncpy, considered not secure.
In this case a simple memcpy is used, we are going to terminate
the string in any case on the next line.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/red-stream-device.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/red-stream-device.c b/server/red-stream-device.c
index 440b2689..2a210cc7 100644
--- a/server/red-stream-device.c
+++ b/server/red-stream-device.c
@@ -330,9 +330,9 @@ handle_msg_device_display_info(StreamDevice *dev, SpiceCharDeviceInstance *sin)
         return true;
     }
 
-    strncpy(dev->device_display_info.device_address,
-            (char*) display_info_msg->device_address,
-            device_address_len);
+    memcpy(dev->device_display_info.device_address,
+           (char*) display_info_msg->device_address,
+           device_address_len);
 
     // make sure the string is terminated
     dev->device_display_info.device_address[device_address_len - 1] = '\0';
-- 
2.20.1



More information about the Spice-devel mailing list