Use strncpy() instead of strcpy() to copy partition name and type. This prevents possible buffer overflow, because the source string occupies up to 33 bytes with a terminating null.
Static analysis tools complain about the code as it is now: Function: _generate_raw_part Destination buffer too small string_overflow: You might overrun the 32 byte destination string part_map_entry->type by writing 33 bytes from mac_part_data->system_name (Destination buffer too small, line 933) Cc: Sabas Rosales, Blanca E <[email protected]> Signed-off-by: Sergei Antonov <[email protected]> --- libparted/labels/mac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c index 1034418..d8da941 100644 --- a/libparted/labels/mac.c +++ b/libparted/labels/mac.c @@ -930,8 +930,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part, = PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num); part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start); part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length); - strcpy (part_map_entry->name, mac_part_data->volume_name); - strcpy (part_map_entry->type, mac_part_data->system_name); + strncpy (part_map_entry->name, mac_part_data->volume_name, 32); + strncpy (part_map_entry->type, mac_part_data->system_name, 32); if (mac_part_data->is_driver) { mac_part_data->boot_region_length = part->geom.length; -- 2.3.0
