2016-04-12 17:13, Daniel Mrzyglod:
> CID30691:
> If the buffer is treated as a null terminated string in later operations,
> a buffer overflow or over-read may occur.
[...]
> --- a/examples/vm_power_manager/channel_manager.c
> +++ b/examples/vm_power_manager/channel_manager.c
> -     strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
> +     strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
> +                     strlen(new_domain->name) - 1);

It looks to be a copy paste of a ready-to-use replacement of strncpy.
Why not just do new_domain->name[sizeof(new_domain->name) - 1] = 0 ?

Reply via email to