Fixes Bug 1905 - CID 154167:

Calling strncpy with a maximum size argument of ODP_TABLE_NAME_LEN
bytes on destination array tbl->name of size ODP_TABLE_NAME_LEN bytes
might leave the destination string unterminated if the copied string is
also of the maximum size ODP_TABLE_NAME_LEN.

Make the copy leave one char for the null terminator.

Signed-off-by: Mike Holmes <mike.hol...@linaro.org>
---
 helper/hashtable.c   | 2 +-
 helper/lineartable.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/helper/hashtable.c b/helper/hashtable.c
index 1121beb..e0f562e 100644
--- a/helper/hashtable.c
+++ b/helper/hashtable.c
@@ -92,7 +92,7 @@ odph_table_t odph_hash_table_create(const char *name, 
uint32_t capacity,
        memset(tbl, 0, capacity << 20);
 
        tbl->init_cap = capacity << 20;
-       strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN);
+       strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1);
        tbl->key_size = key_size;
        tbl->value_size = value_size;
 
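Review bot: the new strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1) only yields a terminated string because the memset(tbl, 0, capacity << 20) in the context above has already zeroed the last byte of tbl->name (assuming name lies inside that zeroed region); nothing on the changed line writes the terminator itself. Make the guarantee local by adding tbl->name[ODPH_TABLE_NAME_LEN - 1] = '\0'; right after the copy, so it still holds if the memset is later moved or narrowed. A name of ODPH_TABLE_NAME_LEN characters or more is also silently truncated here; if callers look tables up by name, consider rejecting over-long names or documenting the limit.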
diff --git a/helper/lineartable.c b/helper/lineartable.c
index b0759f9..68d9350 100644
--- a/helper/lineartable.c
+++ b/helper/lineartable.c
@@ -73,7 +73,7 @@ odph_table_t odph_linear_table_create(const char *name, 
uint32_t capacity,
 
        tbl->init_cap = capacity < 20;
 
-       strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN);
+       strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1);
 
        /* for linear table, the key is just the index, without confict
         * so we just need to record the value content
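Review bot: on the changed strncpy line, termination depends on tbl->name[ODPH_TABLE_NAME_LEN - 1] already being zero, and unlike the hashtable.c hunk no memset is visible in this context to show that; strncpy with a count of ODPH_TABLE_NAME_LEN - 1 never writes that last byte. Add tbl->name[ODPH_TABLE_NAME_LEN - 1] = '\0'; after the copy, or state in the commit message that tbl is zeroed earlier in odph_linear_table_create. Separately, the context line tbl->init_cap = capacity < 20; uses a comparison where hashtable.c has capacity << 20; that looks like a typo for the shift and deserves its own fix.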
-- 
2.5.0

_______________________________________________
lng-odp mailing list
lng-odp@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/lng-odp
