Use strncpy() to limit characters copied to optionName.

Valgrind complained about uninitialized values on arm64 when comparing the reset prefix, probably because "reset" ended up being larger than the option name: Conditional jump or move depends on uninitialised value(s) at cfgParseOption (parse.c:568). Coverity complained because it could not verify the size of the string to be copied into optionName, probably because it does not understand the purpose of strSize(): You might overrun the 65-character fixed-size string "optionName" by copying the return value of "strZ" without checking the length. Use strncpy() even though we have already checked the size and make sure the string is terminated. Keep the size check because searching for truncated option names is not a good idea. This is not a production bug since the code has not been released yet.
2025-09-16 09:06:18 +02:00 · 2021-10-02 16:17:33 -04:00
parent b792a14cd7
commit 71047a9d6d
2 changed files with 6 additions and 2 deletions
--- a/doc/xml/release.xml
+++ b/doc/xml/release.xml
@@ -18,7 +18,10 @@
            <release-core-list>
                <release-improvement-list>
                    <release-item>
-                        <github-pull-request id="1481"/>
+                        <commit subject="Increase max index allowed for pg/repo options to 256.">
+                            <github-pull-request id="1481"/>
+                        </commit>
+                        <commit subject="Use strncpy() to limit characters copied to optionName."/>

                        <release-item-contributor-list>
                            <release-item-contributor id="david.steele"/>
--- a/src/config/parse.c
+++ b/src/config/parse.c
@@ -553,7 +553,8 @@ cfgParseOption(const String *const optionCandidate, const CfgParseOptionParam pa
            OptionInvalidError, "option '%s' exceeds maximum size of " STRINGIFY(OPTION_NAME_SIZE_MAX), strZ(optionCandidate));
    }

-    strcpy(optionName, strZ(optionCandidate));
+    strncpy(optionName, strZ(optionCandidate), sizeof(optionName) - 1);
+    optionName[OPTION_NAME_SIZE_MAX] = '\0';

    // If this looks like negate
    if (strncmp(optionName, OPTION_PREFIX_NEGATE, sizeof(OPTION_PREFIX_NEGATE) - 1) == 0)