Kevin Wolf <kw...@redhat.com> writes:
> Am 20.01.2010 12:09, schrieb Kirill A. Shutemov:
>> On Wed, Jan 20, 2010 at 12:33 PM, Daniel P. Berrange
>> <berra...@redhat.com> wrote:
>>> On Wed, Jan 20, 2010 at 08:19:26AM +0200, Kirill A. Shutemov wrote:
>>>> On Wed, Jan 20, 2010 at 1:56 AM, Juan Quintela <quint...@redhat.com> wrote:
[...]
>>>>> diff --git a/block/vvfat.c b/block/vvfat.c
>>>>> index 063f731..df957e5 100644
>>>>> --- a/block/vvfat.c
>>>>> +++ b/block/vvfat.c
>>>>> @@ -868,7 +868,8 @@ static int init_directories(BDRVVVFATState* s,
>>>>> {
>>>>> direntry_t* entry=array_get_next(&(s->directory));
>>>>> entry->attributes=0x28; /* archive | volume label */
>>>>> - snprintf((char*)entry->name,11,"QEMU VVFAT");
>>>>> + memcpy(entry->name,"QEMU VVF",8);
>>>>> + memcpy(entry->extension,"AT ",3);
>>>>> }
>>>>
>>>> Better to use
>>>>
>>>> memcpy(entry->name, "QEMU VVFAT", 11);
>>>>
>>>> memcpy() doesn't check bounds.
No, this is evil, and may well be flagged by static analysis tools.
>>> It doesn't *currently* check bounds.
>>
>> No. memcpy() will never check bounds. It's totaly different from strcpy,
>> http://gcc.gnu.org/ml/gcc-patches/2009-06/msg00419.html
>
> Regardless if deliberately overflowing the buffer works or doesn't
> making it explicit is better. Someone might reorder the struct or add
> new fields in between (okay, unlikely in this case, but still) and
> you'll overflow into fields you never wanted to touch.
Moreover, compilers are free to put padding between members name and
extension.
