[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cpio - covscan issues
|
From: |
Kamil Dudka |
|
Subject: |
Re: cpio - covscan issues |
|
Date: |
Thu, 08 Apr 2021 23:57:47 +0200 |
On Thursday, April 8, 2021 9:02:57 PM CEST Paul Eggert wrote:
> On 4/8/21 12:47 AM, Ondrej Dubaj wrote:
> > diff --git a/src/tar.c b/src/tar.c
> > index 99ef8a2..a5873e7 100644
> > --- a/src/tar.c
> > +++ b/src/tar.c
> > @@ -146,6 +146,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr,
> > int out_des)
> >
> > name_len = strlen (file_hdr->c_name);
> > if (name_len <= TARNAMESIZE)
> >
> > {
> >
> > + memset(tar_hdr->name, '\0', name_len+1);
> >
> > strncpy (tar_hdr->name, file_hdr->c_name, name_len);
> >
> > }
> >
> > else
>
> This fix isn't right incorrect. The 'name' array is not necessarily null
> terminated; see
> <https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_18_03>.
Yes, this was already pointed out by Martin.
> This unusual data structure is exactly what strncpy is designed for.
This would be true if length of the string was not computed in advance, but
in this specific case strncpy() brings no advantage over memcpy() really.
Kamil
Re: cpio - covscan issues, Paul Eggert, 2021/04/08
- Re: cpio - covscan issues,
Kamil Dudka <=