diff --git a/devicemodel/core/hugetlb.c b/devicemodel/core/hugetlb.c index 1272f993e..78d7da037 100644 --- a/devicemodel/core/hugetlb.c +++ b/devicemodel/core/hugetlb.c @@ -108,6 +108,7 @@ static int open_hugetlbfs(struct vmctx *ctx, int level) char uuid_str[48]; uint8_t UUID[16]; char *path; + size_t len; struct statfs fs; if (level >= HUGETLB_LV_MAX) { @@ -116,10 +117,12 @@ static int open_hugetlbfs(struct vmctx *ctx, int level) } path = hugetlb_priv[level].node_path; + memset(path, '\0', MAX_PATH_LEN); strncpy(path, hugetlb_priv[level].mount_path, MAX_PATH_LEN); + len = strnlen(path, MAX_PATH_LEN); /* UUID will use 32 bytes */ - if (strnlen(path, MAX_PATH_LEN) + 32 > MAX_PATH_LEN) { + if (len + 32 > MAX_PATH_LEN) { perror("PATH overflow"); return -ENOMEM; } @@ -132,6 +135,7 @@ static int open_hugetlbfs(struct vmctx *ctx, int level) UUID[8], UUID[9], UUID[10], UUID[11], UUID[12], UUID[13], UUID[14], UUID[15]); + *(path + len) = '\0'; strncat(path, uuid_str, strlen(uuid_str)); printf("open hugetlbfs file %s\n", path); @@ -284,7 +288,8 @@ static int mmap_hugetlbfs_highmem(struct vmctx *ctx) static int create_hugetlb_dirs(int level) { char tmp_path[MAX_PATH_LEN], *path; - int i, len; + int i; + size_t len; if (level >= HUGETLB_LV_MAX) { perror("exceed max hugetlb level"); @@ -293,8 +298,8 @@ static int create_hugetlb_dirs(int level) path = hugetlb_priv[level].mount_path; len = strlen(path); - if (len >= MAX_PATH_LEN) { - perror("exceed max path len"); + if (len >= MAX_PATH_LEN || len == 0) { + perror("invalid path len"); return -EINVAL; } diff --git a/devicemodel/core/sw_load_bzimage.c b/devicemodel/core/sw_load_bzimage.c index f2de09c31..02ca70adc 100644 --- a/devicemodel/core/sw_load_bzimage.c +++ b/devicemodel/core/sw_load_bzimage.c @@ -131,8 +131,7 @@ acrn_parse_kernel(char *arg) size_t len = strlen(arg); if (len < STR_LEN) { - strncpy(kernel_path, arg, len); - kernel_path[len] = '\0'; + strncpy(kernel_path, arg, len + 1); if (check_image(kernel_path) != 0){ fprintf(stderr, "SW_LOAD: check_image failed for '%s'\n", kernel_path); @@ -151,8 +150,7 @@ acrn_parse_ramdisk(char *arg) size_t len = strlen(arg); if (len < STR_LEN) { - strncpy(ramdisk_path, arg, len); - ramdisk_path[len] = '\0'; + strncpy(ramdisk_path, arg, len + 1); if (check_image(ramdisk_path) != 0){ fprintf(stderr, "SW_LOAD: check_image failed for '%s'\n", ramdisk_path); diff --git a/devicemodel/core/sw_load_common.c b/devicemodel/core/sw_load_common.c index 70a94d196..3d0ae14c8 100644 --- a/devicemodel/core/sw_load_common.c +++ b/devicemodel/core/sw_load_common.c @@ -104,8 +104,7 @@ acrn_parse_bootargs(char *arg) size_t len = strlen(arg); if (len < STR_LEN) { - strncpy(bootargs, arg, len); - bootargs[len] = '\0'; + strncpy(bootargs, arg, len + 1); with_bootargs = 1; printf("SW_LOAD: get bootargs %s\n", bootargs); return 0; diff --git a/devicemodel/core/sw_load_vsbl.c b/devicemodel/core/sw_load_vsbl.c index 6385f4095..952c26253 100644 --- a/devicemodel/core/sw_load_vsbl.c +++ b/devicemodel/core/sw_load_vsbl.c @@ -111,8 +111,7 @@ acrn_parse_guest_part_info(char *arg) size_t len = strlen(arg); if (len < STR_LEN) { - strncpy(guest_part_info_path, arg, len); - guest_part_info_path[len] = '\0'; + strncpy(guest_part_info_path, arg, len + 1); assert(check_image(guest_part_info_path) == 0); with_guest_part_info = true; @@ -172,8 +171,7 @@ acrn_parse_vsbl(char *arg) size_t len = strlen(arg); if (len < STR_LEN) { - strncpy(vsbl_path, arg, len); - vsbl_path[len] = '\0'; + strncpy(vsbl_path, arg, len + 1); assert(check_image(vsbl_path) == 0); vsbl_file_name = vsbl_path; diff --git a/devicemodel/hw/platform/acpi/acpi.c b/devicemodel/hw/platform/acpi/acpi.c index 3aa6451ed..2cbeeb226 100644 --- a/devicemodel/hw/platform/acpi/acpi.c +++ b/devicemodel/hw/platform/acpi/acpi.c @@ -922,7 +922,7 @@ basl_make_templates(void) len = strlen(tmpdir); if ((len + sizeof(ASL_TEMPLATE) + 1) < MAXPATHLEN) { - strncpy(basl_template, tmpdir, len); + strncpy(basl_template, tmpdir, len + 1); while (len > 0 && basl_template[len - 1] == '/') len--; basl_template[len] = '/'; @@ -937,7 +937,7 @@ basl_make_templates(void) */ if ((len + sizeof(ASL_TEMPLATE) + 1 + sizeof(ASL_SUFFIX)) < MAXPATHLEN) { - strncpy(basl_stemplate, tmpdir, len); + strncpy(basl_stemplate, tmpdir, len + 1); basl_stemplate[len] = '/'; strncpy(&basl_stemplate[len + 1], ASL_TEMPLATE, MAXPATHLEN - len - 1);