Fix svace issue

- change strcpy function to strncpy

Change-Id: Icadf6b2717d1093d8514b16e01fd03ceb44ea728
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>

diff --git a/hw/board/board.c b/hw/board/board.c
index d8bb35a..2cbc583 100644 (file)
--- a/hw/board/board.c
+++ b/hw/board/board.c
@@ -46,6 +46,7 @@ static int get_serialno_from_dat(void)
 {
        FILE *fp;
        char buffer[DATA_BUFF_MAX], *p, *q;
+       int len;
 
        fp = fopen(SERIAL_PATH_NAME, "r");
        if (!fp) {
@@ -62,7 +63,9 @@ static int get_serialno_from_dat(void)
        q = strchrnul(p, '\n');
        *q = '\0';
 
-       strcpy(info.serial, p);
+       len = strlen(p) > DATA_BUFF_MAX-1 ? DATA_BUFF_MAX-1 : strlen(p);
+       strncpy(info.serial, p, len);
+       info.serial[len] = '\0';
        info.serial_len = strlen(p);
 
        fclose(fp);
@@ -73,6 +76,7 @@ static int get_serialno_from_cpuinfo(void)
 {
        FILE *fp;
        char line[LINE_LEN], *p, *q;
+       int len;
 
        fp = fopen(CPUINFO_PATH, "r");
        if (!fp) {
@@ -97,7 +101,9 @@ static int get_serialno_from_cpuinfo(void)
                q = strchrnul(p, '\n');
                *q = '\0';
 
-               strcpy(info.serial, p);
+               len = strlen(p) > DATA_BUFF_MAX-1 ? DATA_BUFF_MAX-1 : strlen(p);
+               strncpy(info.serial, p, len);
+               info.serial[len] = '\0';
                info.serial_len = strlen(p);
 
                fclose(fp);