On Wed, Jan 30, 2019 at 03:13:06PM +0000, Frediano Ziglio wrote:
> Avoid using strncpy, considered not secure.
> In this case a simple memcpy is used, we are going to terminate
> the string in any case on the next line.
> 
> Signed-off-by: Frediano Ziglio <fzig...@redhat.com>
> ---
>  server/red-stream-device.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/server/red-stream-device.c b/server/red-stream-device.c
> index 440b2689..2a210cc7 100644
> --- a/server/red-stream-device.c
> +++ b/server/red-stream-device.c
> @@ -330,9 +330,9 @@ handle_msg_device_display_info(StreamDevice *dev, 
> SpiceCharDeviceInstance *sin)
>          return true;
>      }
>  
> -    strncpy(dev->device_display_info.device_address,
> -            (char*) display_info_msg->device_address,
> -            device_address_len);
> +    memcpy(dev->device_display_info.device_address,
> +           (char*) display_info_msg->device_address,
> +           device_address_len);
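
Review bot: the memcpy call copies exactly device_address_len bytes from display_info_msg->device_address, so bytes that follow an embedded NUL in the message now reach dev->device_display_info.device_address, where strncpy would have stopped at the first NUL and zero-filled the remainder. The hunk does not show device_address_len being checked against the size of the destination buffer, nor the terminator being written (the commit message says that happens on the next line), so a short comment above the call stating both invariants would make the copy easier to audit. The (char*) cast on the source is also no longer needed, since memcpy takes a const void * argument.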

I'd use g_strlcpy instead, as by using memcpy, it's no longer obvious
that display_info_msg->device_address is not expected to contain null
bytes.

Christophe
