On 3 Nov 2019, at 16:20, Samuel Thibault <samuel.thiba...@gnu.org> wrote: > > Hello, > > Joan Lledó via Bug reports for the GNU Hurd, le dim. 03 nov. 2019 10:38:28 > +0100, a ecrit: >> * pci-arbiter/pcifs.c: >> * create_dir_entry: >> Limit to NAME_SIZE-1 when calling strncpy(). >> Finish entry->name with '\0'. >> * create_fs_tree: >> memset() to 0 the directory entry. >> Limit to NAME_SIZE-1 all calls to >> snprintf() and strncpy(). > > Applied, thanks! > >> @@ -206,7 +208,7 @@ create_fs_tree (struct pcifs * fs) >> e_stat = list->stat; >> e_stat.st_mode &= ~S_IROOT; /* Remove the root mode */ >> memset (entry_name, 0, NAME_SIZE); >> - snprintf (entry_name, NAME_SIZE, "%04x", device->domain); >> + snprintf (entry_name, NAME_SIZE - 1, "%04x", device->domain); > > Perhaps replace the whole memset with just setting > entry_name[NAME_SIZE-1] = 0 > ? and ditto below.
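Review bot: the changed snprintf call in create_fs_tree should keep NAME_SIZE as its size argument, not NAME_SIZE - 1. snprintf counts the terminating NUL inside the size it is given and always writes it when that size is non-zero, so with NAME_SIZE - 1 the name is cut at NAME_SIZE - 2 characters and the last byte of entry_name (NAME_SIZE bytes, going by the memset just above) is never used. The "NAME_SIZE-1 plus explicit '\0'" pattern from the commit message is needed only for the strncpy calls, which do not terminate the destination on truncation. Suggest leaving the line as `snprintf (entry_name, NAME_SIZE, "%04x", device->domain);`, in which case the preceding memset is not required for termination either. The return value is also discarded here, so a truncated entry name would go unnoticed; comparing it against NAME_SIZE would catch that.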
snprintf guarantees NUL termination, so this now over-truncates.

James