In the setPyVirTypedParameter we try to produce virTypedParameter
array from a pyhthon dictionary. However, when copying field name into
item in returned array, we use strncpy() as the field name is fixed
length array. To determine its size we use sizeof() but mistakenly
dereference it resulting in sizeof(char) which equals to 1 byte.
Moreover, there's no need for using sizeof() when we have a global
macro to tell us the length of the field name:
VIR_TYPED_PARAM_FIELD_LENGTH.
And since array is allocated using VIR_ALLOC() we are sure the memory
is initially filled with zeros. Hence, there's no need to terminate
string we've just copied into field name with '\0' character. It's
there for sure too as we copy up to field length - 1.
Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
---
libvirt-override.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libvirt-override.c b/libvirt-override.c
index 83369fc..3765a43 100644
--- a/libvirt-override.c
+++ b/libvirt-override.c
@@ -197,8 +197,7 @@ setPyVirTypedParameter(PyObject *info,
goto cleanup;
}
- strncpy(temp->field, keystr, sizeof(*temp->field) - 1);
- temp->field[sizeof(*temp->field) - 1] = '\0';
+ strncpy(temp->field, keystr, VIR_TYPED_PARAM_FIELD_LENGTH - 1);
temp->type = params[i].type;
VIR_FREE(keystr);
--
1.9.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
