From: Jim Meyering <meyering@redhat.com>
Date: Thu, 4 Oct 2012 11:09:46 +0000 (+0200)
Subject: block: avoid buffer overrun by using pstrcpy, not strncpy
X-Git-Tag: TizenStudio_2.0_p2.3.2~208^2~3419
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c2cba3d9314f972dfaf724d0ec2d018eb54c95f1;p=sdk%2Femulator%2Fqemu.git

block: avoid buffer overrun by using pstrcpy, not strncpy

Also, use PATH_MAX, rather than the arbitrary 1024.
Using PATH_MAX is more consistent with other filename-related
variables in this file, like backing_filename and tmp_filename.

Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---

diff --git a/block.c b/block.c
index c108a76..e95f613 100644
--- a/block.c
+++ b/block.c
@@ -1506,7 +1506,7 @@ int bdrv_commit(BlockDriverState *bs)
     int n, ro, open_flags;
     int ret = 0;
     uint8_t *buf;
-    char filename[1024];
+    char filename[PATH_MAX];
 
     if (!drv)
         return -ENOMEDIUM;
@@ -1520,7 +1520,8 @@ int bdrv_commit(BlockDriverState *bs)
     }
 
     ro = bs->backing_hd->read_only;
-    strncpy(filename, bs->backing_hd->filename, sizeof(filename));
+    /* Use pstrcpy (not strncpy): filename must be NUL-terminated. */
+    pstrcpy(filename, sizeof(filename), bs->backing_hd->filename);
     open_flags =  bs->backing_hd->open_flags;
 
     if (ro) {