On Thursday, April 8, 2021 9:02:57 PM CEST Paul Eggert wrote:
> On 4/8/21 12:47 AM, Ondrej Dubaj wrote:
> > diff --git a/src/tar.c b/src/tar.c
> > index 99ef8a2..a5873e7 100644
> > --- a/src/tar.c
> > +++ b/src/tar.c
> > @@ -146,6 +146,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr,
> > int out_des)
> >
> > name_len = strlen (file_hdr->c_name);
> > if (name_len <= TARNAMESIZE)
> >
> > {
> >
> > + memset(tar_hdr->name, '\0', name_len+1);
> >
> > strncpy (tar_hdr->name, file_hdr->c_name, name_len);
> >
> > }
> >
> > else
>
> This fix isn't right incorrect. The 'name' array is not necessarily null
> terminated; see
> <https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_18_03>.
Yes, this was already pointed out by Martin.
> This unusual data structure is exactly what strncpy is designed for.
This would be true if length of the string was not computed in advance, but
in this specific case strncpy() brings no advantage over memcpy() really.
Kamil
