linux-user/syscall.c:9860:17: warning: Call to function 'strcpy' is insecure as
it does not provide bounding of the memory buffer. Replace unbounded copy
functions with analogous functions that support length arguments such as
'strlcpy'. CWE-119
strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
^~~~~~
Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
linux-user/syscall.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 963b9c8f4b..847f729834 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9853,7 +9853,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
if (!is_error(ret)) {
/* Overwrite the native machine name with whatever is being
emulated. */
- strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
+ g_strlcpy(buf->machine, cpu_to_uname_machine(cpu_env),
+ sizeof(buf->machine));
/* Allow the user to override the reported release. */
if (qemu_uname_release && *qemu_uname_release) {
g_strlcpy(buf->release, qemu_uname_release,
--
2.13.3
