From 77b822dbc0f0223e5383b4377e1fa97657997d0d Mon Sep 17 00:00:00 2001 From: Don Lewis Date: Thu, 12 May 2016 06:39:13 +0000 Subject: [PATCH] Use strlcpy() instead of strncpy() to copy the string returned by setlocale() so that static analyzers know that the string is NUL terminated. This was causing a false positive in Coverity even though the longest string returned by setlocale() is ENCODING_LEN (31) and we are copying into a 64 byte buffer. This change is also a bit of an optimization since we don't need the strncpy() feature of padding the rest of the destination buffer with NUL characters. Reported by: Coverity CID: 974654 --- lib/libfetch/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c index ca522a6bcb8..f80404d4e0b 100644 --- a/lib/libfetch/http.c +++ b/lib/libfetch/http.c @@ -875,7 +875,7 @@ http_parse_mtime(const char *p, time_t *mtime) char locale[64], *r; struct tm tm; - strncpy(locale, setlocale(LC_TIME, NULL), sizeof(locale)); + strlcpy(locale, setlocale(LC_TIME, NULL), sizeof(locale)); setlocale(LC_TIME, "C"); r = strptime(p, "%a, %d %b %Y %H:%M:%S GMT", &tm); /*