Bug 331330 - libkcompactdisc-4.12.2/wmlib/plat_scor5.c:71]: (error) Dangerous usage of 'pass_through' (strncpy doesn't always null-terminate it).
Status: RESOLVED FIXED
Alias: None
Product: kdemultimedia
Classification: Miscellaneous
Component: libkcompactdisc
Version: 4.12.2
Platform: Compiled Sources Linux
: NOR normal
Target Milestone: ---
Assignee: Multimedia Developers
 
Reported: 2014-02-20 13:43 UTC by dcb314
Modified: 2014-02-21 03:44 UTC

Version Fixed In: 4.12.3


Description dcb314 2014-02-20 13:43:34 UTC
Source code is

  strncpy(pass_through, dev_name, sizeof(pass_through)-2);
  strcat(pass_through, "p" );

maybe 

  strncpy(pass_through, dev_name, sizeof(pass_through)-2);
  pass_through[sizeof(pass_through)-2] = '\0';
  strcat(pass_through, "p" );

might be better code.
Comment 1 Michael Pyne 2014-02-21 03:44:40 UTC
Git commit 46f8c6a334a3007fb370e541ed7748d1b532255f by Michael Pyne.
Committed on 21/02/2014 at 03:42.
Pushed by mpyne into branch 'KDE/4.12'.

Be safer with strncpy.

Hard to believe we're maintaining a bunch of slightly-different C files
for Unix systems only a dusty mainframe could love.

Thanks to the bug reporter for reporting static analyzer results.
FIXED-IN:4.12.3

M  +1    -0    wmlib/plat_scor5.c
M  +1    -0    wmlib/plat_svr4.c

http://commits.kde.org/libkcompactdisc/46f8c6a334a3007fb370e541ed7748d1b532255f
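
The pattern from the report, as an added example that is not part of the bug thread or of the libkcompactdisc sources: one function shows when `strncpy` with a bound of `sizeof - 2` leaves the buffer without a terminator, the other applies the explicit termination proposed in the description. The function names, the 16-byte buffer and the device names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if strncpy(dst, src, dstsz - 2) alone leaves
   a NUL inside dst, 0 if a following strcat() would have to scan past the end
   of the buffer. dst is pre-filled with a non-zero byte to stand in for
   uninitialised stack contents. */
int strncpy_leaves_terminator(char *dst, size_t dstsz, const char *src)
{
    memset(dst, 'X', dstsz);
    strncpy(dst, src, dstsz - 2);
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Hardened form (hypothetical name): copy, terminate explicitly, append "p".
   Returns 0 on success, 1 if dev_name was truncated, -1 on bad arguments. */
int make_pass_through(char *dst, size_t dstsz, const char *dev_name)
{
    if (dst == NULL || dev_name == NULL || dstsz < 2)
        return -1;
    strncpy(dst, dev_name, dstsz - 2);
    dst[dstsz - 2] = '\0';      /* the line proposed in the report */
    strcat(dst, "p");           /* at most dstsz-2 chars + 'p' + NUL fits */
    return strlen(dev_name) > dstsz - 2 ? 1 : 0;
}

int main(void)
{
    char buf[16];
    /* Constructed device names, not taken from the bug report. */
    const char *names[] = { "/dev/rcd0", "/dev/rdsk/c0t6",
                            "/dev/rdsk/c0t6d0s2-long" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int terminated = strncpy_leaves_terminator(buf, sizeof buf, names[i]);
        int rc = make_pass_through(buf, sizeof buf, names[i]);
        printf("%-24s strncpy alone terminated=%d result=\"%s\" rc=%d\n",
               names[i], terminated, buf, rc);
    }
    return 0;
}
```

A name of exactly `sizeof - 2` characters is the boundary case: it is not truncated, yet `strncpy` alone still writes no terminator for it.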