[Spice-devel] [PATCH spice-server] red-stream-device: Fix "make syntax-check"
Christophe Fergeau
cfergeau at redhat.com
Thu Jan 31 10:44:39 UTC 2019
On Wed, Jan 30, 2019 at 03:13:06PM +0000, Frediano Ziglio wrote:
> Avoid using strncpy, considered not secure.
> In this case a simple memcpy is used, we are going to terminate
> the string in any case on the next line.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> server/red-stream-device.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/server/red-stream-device.c b/server/red-stream-device.c
> index 440b2689..2a210cc7 100644
> --- a/server/red-stream-device.c
> +++ b/server/red-stream-device.c
> @@ -330,9 +330,9 @@ handle_msg_device_display_info(StreamDevice *dev, SpiceCharDeviceInstance *sin)
> return true;
> }
>
> - strncpy(dev->device_display_info.device_address,
> - (char*) display_info_msg->device_address,
> - device_address_len);
> + memcpy(dev->device_display_info.device_address,
> + (char*) display_info_msg->device_address,
> + device_address_len);
I'd use g_strlcpy instead, as by using memcpy, it's no longer obvious
that display_info_msg->device_address is not expected to contain null
bytes.
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20190131/626b1b9e/attachment.sig>
More information about the Spice-devel
mailing list