Bug 331330

Summary: libkcompactdisc-4.12.2/wmlib/plat_scor5.c:71]: (error) Dangerous usage of 'pass_through' (strncpy doesn't always null-terminate it).
Product: kdemultimedia Reporter: dcb314
Component: libkcompactdiscAssignee: Multimedia Developers <kde-multimedia>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: 4.12.2   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: http://commits.kde.org/libkcompactdisc/46f8c6a334a3007fb370e541ed7748d1b532255f Version Fixed In: 4.12.3

Description dcb314 2014-02-20 13:43:34 UTC 
Source code is

  strncpy(pass_through, dev_name, sizeof(pass_through)-2);
  strcat(pass_through, "p" );

maybe 

  strncpy(pass_through, dev_name, sizeof(pass_through)-2);
  pass_through[sizeof(pass_through)-2] = '\0';
  strcat(pass_through, "p" );

might be better code.
Comment 1 Michael Pyne 2014-02-21 03:44:40 UTC 
Git commit 46f8c6a334a3007fb370e541ed7748d1b532255f by Michael Pyne.
Committed on 21/02/2014 at 03:42.
Pushed by mpyne into branch 'KDE/4.12'.

Be safer with strncpy.

Hard to believe we're maintaining a bunch of slightly-different C files
for Unix systems only a dusty mainframe could love.

Thanks to the bug reporter for reporting static analyzer results.
FIXED-IN:4.12.3

M  +1    -0    wmlib/plat_scor5.c
M  +1    -0    wmlib/plat_svr4.c

http://commits.kde.org/libkcompactdisc/46f8c6a334a3007fb370e541ed7748d1b532255f