Fixes Bug 1905 - CID 154167: Calling strncpy with a maximum size argument of ODP_TABLE_NAME_LEN bytes on destination array tbl->name of size ODP_TABLE_NAME_LEN bytes might leave the destination string unterminated if the copied string is also of the maximum size ODP_TABLE_NAME_LEN.
Make the copy leave one char for the null terminator. Signed-off-by: Mike Holmes <mike.hol...@linaro.org> --- helper/hashtable.c | 2 +- helper/lineartable.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helper/hashtable.c b/helper/hashtable.c index 1121beb..e0f562e 100644 --- a/helper/hashtable.c +++ b/helper/hashtable.c @@ -92,7 +92,7 @@ odph_table_t odph_hash_table_create(const char *name, uint32_t capacity, memset(tbl, 0, capacity << 20); tbl->init_cap = capacity << 20; - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); tbl->key_size = key_size; tbl->value_size = value_size; diff --git a/helper/lineartable.c b/helper/lineartable.c index b0759f9..68d9350 100644 --- a/helper/lineartable.c +++ b/helper/lineartable.c @@ -73,7 +73,7 @@ odph_table_t odph_linear_table_create(const char *name, uint32_t capacity, tbl->init_cap = capacity < 20; - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); /* for linear table, the key is just the index, without confict * so we just need to record the value content -- 2.5.0 _______________________________________________ lng-odp mailing list lng-odp@lists.linaro.org https://lists.linaro.org/mailman/listinfo/lng-odp