On Tue, Sep 14, 2021 at 02:45:51AM +0000, scan-admin@coverity.com wrote:
178 } else {
CID 240100: Memory - illegal accesses (BUFFER_SIZE_WARNING) Calling "strncpy" with a maximum size argument of 64 bytes on destination array "codec->audio_name" of size 64 bytes might leave the destination string unterminated.179 strncpy(codec->audio_name, audio_name, sizeof(codec->audio_name));
strncpy() is another word for pitfall. We should *always* use osmo_strlcpy(), or OSMO_STRLCPY_ARRAY() to save typing 'sizeof'.
osmith, could we put such a check in the linter maybe? i.e. forbid use of strncpy() and strcpy().
~N
On 9/15/21 8:15 AM, Neels Hofmeyr wrote:
On Tue, Sep 14, 2021 at 02:45:51AM +0000, scan-admin@coverity.com wrote:
178 } else {
CID 240100: Memory - illegal accesses (BUFFER_SIZE_WARNING) Calling "strncpy" with a maximum size argument of 64 bytes on destination array "codec->audio_name" of size 64 bytes might leave the destination string unterminated.179 strncpy(codec->audio_name, audio_name, sizeof(codec->audio_name));
strncpy() is another word for pitfall. We should *always* use osmo_strlcpy(), or OSMO_STRLCPY_ARRAY() to save typing 'sizeof'.
osmith, could we put such a check in the linter maybe? i.e. forbid use of strncpy() and strcpy().
Sure: https://gerrit.osmocom.org/c/osmo-ci/+/25466
~N
-
Neels Hofmeyr -
Oliver Smith