From 6c7bb8c068c975fd91843897a620000f6fddc8e4 Mon Sep 17 00:00:00 2001
From: Jianpeng Ma <jianpeng.ma@intel.com>
Date: Fri, 21 Nov 2014 09:55:02 +0800
Subject: [PATCH] blkdev: using strncpy instead of strcpy.

Coverity Scan reported this bug:
> New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s)
> *** CID 1255369:  Copy into fixed size buffer  (STRING_OVERFLOW)
> /common/blkdev.cc: 34 in block_device_support_discard(const char *)()
> 28     bool block_device_support_discard(const char *devname)
> 29     {
> 30       bool can_trim = false;
> 31       char *p = strstr((char *)devname, "sd");
> 32       char name[32] = {0};
> 33
> >>>     CID 1255369:  Copy into fixed size buffer  (STRING_OVERFLOW)
> >>>     You might overrun the 32 byte fixed-size string "name" by
> >>>     copying "p" without checking the length.
> 34       strcpy(name, p);
> 35       for (unsigned int i = 0; i < strlen(name); i++) {
> 36         if(isdigit(name[i])) {
> 37           name[i] = 0;
> 38           break;
> 39         }
>

Signed-off-by: Jianpeng Ma <jianpeng.ma@intel.com>
---
 src/common/blkdev.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
index 50157828240f..4846463962e7 100644
--- a/src/common/blkdev.cc
+++ b/src/common/blkdev.cc
@@ -29,9 +29,11 @@ bool block_device_support_discard(const char *devname)
 {
   bool can_trim = false;
   char *p = strstr((char *)devname, "sd");
-  char name[32] = {0};
+  char name[32];
+
+  strncpy(name, p, sizeof(name) - 1);
+  name[sizeof(name) - 1] = '\0';
 
-  strcpy(name, p);
   for (unsigned int i = 0; i < strlen(name); i++) {
     if(isdigit(name[i])) {
       name[i] = 0;
-- 
2.47.3