Null terminate before (or after) strncpy(3)

These three strncpy() calls copy at most sizeof(buffer)-1 bytes,
but buffer isn't explicitly 0 cleared, so 0 terminate the last byte.

Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
Signed-off-by: Jens Axboe <axboe@fb.com>

diff --git a/diskutil.c b/diskutil.c
index 294d2d3d084a371fb3b1b47a4fb2087046d9f262..a1077d4001459a159c37076478fa4e04f882ecc8 100644 (file)
--- a/diskutil.c
+++ b/diskutil.c
@@ -179,6 +179,7 @@ static int get_device_numbers(char *file_name, int *maj, int *min)
                /*
                 * must be a file, open "." in that path
                 */
+               tempname[PATH_MAX - 1] = '\0';
                strncpy(tempname, file_name, PATH_MAX - 1);
                p = dirname(tempname);
                if (stat(p, &st)) {
@@ -426,6 +427,7 @@ static struct disk_util *__init_per_file_disk_util(struct thread_data *td,
                        log_err("unknown sysfs layout\n");
                        return NULL;
                }
+               tmp[PATH_MAX - 1] = '\0';
                strncpy(tmp, p, PATH_MAX - 1);
                sprintf(path, "%s", tmp);
        }

diff --git a/ioengines.c b/ioengines.c
index 918b50ad2bf27dafc0d69f9750d106aad29e2fa4..f7b5ed6bf38776e4240ffaff7f80fab8063a06a9 100644 (file)
--- a/ioengines.c
+++ b/ioengines.c
@@ -130,6 +130,7 @@ struct ioengine_ops *load_ioengine(struct thread_data *td, const char *name)
 
        dprint(FD_IO, "load ioengine %s\n", name);
 
+       engine[sizeof(engine) - 1] = '\0';
        strncpy(engine, name, sizeof(engine) - 1);
 
        /*