From: Luke Yang Date: Wed, 12 Jun 2024 19:51:41 +0000 (-0400) Subject: commit: Null terminate `target_buf` var X-Git-Tag: archive/raspbian/2024.8-1+rpi1^2~7^2~1^2~5^2~2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=20d5bc8453edf780b6a162a6568e211310211108;p=ostree.git commit: Null terminate `target_buf` var Coverity points out that we are passing an unterminated string to sprintf(). Fix by using snprintf() which stores the content as a C string. --- diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c index 7a898757..4d12d5ec 100644 --- a/src/libostree/ostree-repo-commit.c +++ b/src/libostree/ostree-repo-commit.c @@ -815,8 +815,8 @@ _try_clone_from_payload_link (OstreeRepo *self, OstreeRepo *dest_repo, const cha if (size < OSTREE_SHA256_STRING_LEN + _OSTREE_PAYLOAD_LINK_PREFIX_LEN) return glnx_throw (error, "invalid data size for %s", loose_path_buf); - sprintf (target_checksum, "%.2s%.62s", target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN, - target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN + 3); + snprintf (target_checksum, size, "%.2s%.62s", target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN, + target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN + 3); _ostree_loose_path (loose_path_target_buf, target_checksum, OSTREE_OBJECT_TYPE_FILE, self->mode);