On Fri, Aug 07, 2009 at 11:06:28AM +0200, Chris Lalancette wrote:

qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a strncpy. However, this isn't necessary; we can do the same thing using virAsprintf(), which is much safer.

Signed-off-by: Chris Lalancette <clalance@redhat.com> --- src/qemu_driver.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 55a09f5..37fdec2 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -1017,12 +1017,13 @@ qemudExtractMonitorPath(virConnectPtr conn, */ while (*tmp) { if (c_isspace(*tmp)) { - if (VIR_ALLOC_N(*path, (tmp-dev)+1) < 0) { + if (virAsprintf(path, "%s", dev) < 0) { virReportOOMError(conn); return -1; } - strncpy(*path, dev, (tmp-dev)); - (*path)[(tmp-dev)] = '\0'; + /* the last character is a \n, so back up one to overwrite */ + (*path)[tmp-dev] = '\0'; + /* ... now further update offset till we get EOL */ *offset = tmp - haystack; return 0;

virAsprintf seems a little overkill to me - how about just using strndup(), which is equivalent to VIR_ALLOC_N + strncpy, but with guarenteed null termination Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|