On 03/09/2012 22:22, Otto Moerbeek wrote:
> On Mon, Sep 03, 2012 at 05:19:44PM +0200, Otto Moerbeek wrote:
>
>> On Mon, Sep 03, 2012 at 04:37:42PM +0200, rustyBSD wrote:
>>
>>> /usr/src/sbin/disklabel/disklabel.c
>>> lines: 333 & 1092 & 1096
>>>
>>> Is this me, or these strncpy() may cause off-by-one
>>> overflows?
>>>
>>> In a use like this:
>>>
>>> strncpy(a, b, sizeof(a));
>> No, this is not an overflow. But a will potentially not be NUL-terminated.
>>
>>> the null terminator will be added beyond the end of
>>> a if b has the same size (or a larger size).
>>>
>>> Should use something like:
>>>
>>> strncpy(a, b, sizeof(a) - 1);
>> Better use strlcpy(3). The man pages for both strncpy and strlcpy
>> explain why.
> Ugh, missed the disklabel reference. These fields are not
> NUL-terminated strings, so strncpy(3) is ok in this case.
>
> -Otto
>
>
Argh, ok I leave
:S
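
The strncpy() behaviour discussed in this thread, as an added example that is not part of the original messages or of disklabel.c: it fills a fixed-width field with strncpy(a, b, sizeof(a)), shows that nothing is written past the field and that no terminator is stored when the source fills it, and reads the field back with a bounded length. The struct record, its guard byte and all helper names are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical on-disk record: name is a fixed-width field, not a C string. */
struct record {
    char name[8];
    unsigned char guard;   /* sits right after name; must stay untouched */
};

/* Fill the field the way the thread's strncpy(a, b, sizeof(a)) does. */
void set_name(struct record *r, const char *src)
{
    strncpy(r->name, src, sizeof(r->name));
}

/* Length of the field's contents without reading past the field. */
size_t name_len(const struct record *r)
{
    const char *nul = memchr(r->name, '\0', sizeof(r->name));
    return nul ? (size_t)(nul - r->name) : sizeof(r->name);
}

/* 1 if the field happens to contain a NUL byte, 0 otherwise. */
int name_is_terminated(const struct record *r)
{
    return memchr(r->name, '\0', sizeof(r->name)) != NULL;
}

/* Copy the field into a real C string; dst needs sizeof(name) + 1 bytes. */
void name_to_cstr(const struct record *r, char *dst)
{
    size_t n = name_len(r);
    memcpy(dst, r->name, n);
    dst[n] = '\0';
}

int main(void)
{
    /* Constructed inputs: shorter than, equal to, longer than the field. */
    const char *samples[] = { "sd0", "12345678", "123456789abc" };
    for (size_t i = 0; i < 3; i++) {
        struct record r = { .guard = 0xAA };
        char out[sizeof(r.name) + 1];
        set_name(&r, samples[i]);
        name_to_cstr(&r, out);
        printf("%-14s -> \"%s\" terminated=%d guard=0x%02X\n",
               samples[i], out, name_is_terminated(&r), r.guard);
    }
    return 0;
}
```
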