@@ -146,6 +146,7 @@ int genl_family_add_grp(struct genl_family *family, uint32_t id,
grp->id = id;
strncpy(grp->name, name, GENL_NAMSIZ - 1);
+ grp->name[GENL_NAMSIZ - 1] = '\0';
nl_list_add_tail(&grp->list, &family->gf_mc_grps);
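Review bot: A name of GENL_NAMSIZ or more characters is still cut to GENL_NAMSIZ - 1 bytes with no signal to the caller; the terminator added after `strncpy` makes the result a valid string but not the requested one, so a later lookup by group name may miss or hit the wrong group. Since this function returns int, it could reject the input before the group is allocated, e.g. `if (strlen(name) >= GENL_NAMSIZ) return -NLE_INVAL;` (error code to be matched to what the function already returns). The same silent truncation applies to `genl_family_set_name` in include/netlink/genl/family.h, which returns void and so can only document it. The body of genl_family_add_grp starts and ends outside this hunk, so whether `grp` is already zero-filled at allocation is not visible here.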
@@ -82,6 +82,7 @@ static inline char *genl_family_get_name(struct genl_family *family)
static inline void genl_family_set_name(struct genl_family *family, const char *name)
{
strncpy(family->gf_name, name, GENL_NAMSIZ-1);
+ family->gf_name[GENL_NAMSIZ - 1] = '\0';
family->ce_mask |= FAMILY_ATTR_NAME;
}
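Review bot: The terminator index uses the `GENL_NAMSIZ` macro rather than the size of the destination, so the write to `family->gf_name[GENL_NAMSIZ - 1]` is in bounds only while the field is declared with exactly that size, which this hunk does not show. Assuming `gf_name` is an array member, `strncpy(family->gf_name, name, sizeof(family->gf_name) - 1);` followed by `family->gf_name[sizeof(family->gf_name) - 1] = '\0';` keeps both bounds tied to the declaration; the same form would fit `grp->name` in genl_family.c. The new line also writes `GENL_NAMSIZ - 1` while the line above keeps `GENL_NAMSIZ-1`. A one-line comment such as `/* names longer than GENL_NAMSIZ - 1 are truncated */` would tell callers what this void setter does with long input.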
The strncpy() function doesn't null-terminate the destination string if the source string is at least as long as the destination. (This behavior is defined by the C99 specification.) As a result, the destination string must be null-terminated after calling strncpy(). The clang11 static analyzer thus reports the following: genl_family.c:148:2: error: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 15 [-Werror=stringop-truncation] 148 | strncpy(grp->name, name, GENL_NAMSIZ - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc: Felix Fietkau <nbd@nbd.name> References: https://gitlab.com/openwrt/project/libnl-tiny/-/jobs/2495301251#L197 Signed-off-by: Petr Štetiar <ynezz@true.cz> --- genl_family.c | 1 + include/netlink/genl/family.h | 1 + 2 files changed, 2 insertions(+)