Description of problem: some issues of perl-Sys-Virt covscan testing. Version-Release number of selected component (if applicable): perl-Sys-Virt-1.1.1-2.el7 How reproducible: always Steps to Reproduce: run coverity test for per-Sys-Virt: http://cov01.lab.eng.brq.redhat.com/covscanhub/task/5090/ the defects of this bug disappear, but found some new defects.like below: ....... Error: OVERRUN (CWE-119): Sys-Virt-1.1.1/Virt.xs:3787: overrun-buffer-arg: Overrunning array ""bandwidth"" of 10 bytes by passing it to a function which accesses it at byte offset 79 using argument "80UL". Error: OVERRUN (CWE-119): Sys-Virt-1.1.1/Virt.xs:3775: overrun-buffer-arg: Overrunning array ""destination_name"" of 17 bytes by passing it to a function which accesses it at byte offset 79 using argument "80UL". Error: OVERRUN (CWE-119): Sys-Virt-1.1.1/Virt.xs:3779: overrun-buffer-arg: Overrunning array ""destination_xml"" of 16 bytes by passing it to a function which accesses it at byte offset 79 using argument "80UL". Error: OVERRUN (CWE-119): Sys-Virt-1.1.1/Virt.xs:3783: overrun-buffer-arg: Overrunning array ""graphics_uri"" of 13 bytes by passing it to a function which accesses it at byte offset 79 using argument "80UL". ....... Actual results: Expected results: fix the issues. Additional info:
commit 48ffa420b50d2abf19600e2f5c9ff7694406762f Author: Daniel P. Berrange <berrange> Date: Wed Dec 18 11:25:12 2013 +0000 Use strncpy instead of memcpy for migrate parameters Using memcpy for copying migrate parameter names meant the code was reading beyond the end of the string constants. We must use strncpy to only read upto the null terminator. Signed-off-by: Daniel P. Berrange <berrange>
verify with build: perl-Sys-Virt-1.1.1-3.el7 covscan task: http://cov01.lab.eng.brq.redhat.com/covscanhub/task/8035/ no OVERRUN issues, move to verified.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.