qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a strncpy. However, this isn't necessary; we can do the same thing using virAsprintf(), which is much safer. Signed-off-by: Chris Lalancette <clalance(a)redhat.com&gt; --- src/qemu_driver.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 55a09f5..37fdec2 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -1017,12 +1017,13 @@ qemudExtractMonitorPath(virConnectPtr conn, */ while (*tmp) { if (c_isspace(*tmp)) { - if (VIR_ALLOC_N(*path, (tmp-dev)+1) < 0) { + if (virAsprintf(path, "%s", dev) < 0) { virReportOOMError(conn); return -1; } - strncpy(*path, dev, (tmp-dev)); - (*path)[(tmp-dev)] = '\0'; + /* the last character is a \n, so back up one to overwrite */ + (*path)[tmp-dev] = '\0'; + /* ... now further update offset till we get EOL */ *offset = tmp - haystack; return 0;