From f6835b82a8dbb3a9688c7b28fd4d673dca371272 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 16 May 2016 21:42:40 -0400
Subject: [PATCH] Implement lttng_strncpy safe string copy
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---
 src/common/macros.h | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/common/macros.h b/src/common/macros.h
index 308d3d57a..930438855 100644
--- a/src/common/macros.h
+++ b/src/common/macros.h
@@ -20,6 +20,7 @@
 #define _MACROS_H
 
 #include <stdlib.h>
+#include <string.h>
 
 /*
  * Takes a pointer x and transform it so we can use it to access members
@@ -76,4 +77,28 @@ void *zmalloc(size_t len)
 #define LTTNG_HIDDEN __attribute__((visibility("hidden")))
 #endif
 
+/*
+ * lttng_strncpy returns 0 on success, or nonzero on failure.
+ * It checks that the @src string fits into @dst_len before performing
+ * the copy. On failure, no copy has been performed.
+ *
+ * dst_len includes the string's trailing NULL.
+ */
+static inline
+int lttng_strncpy(char *dst, const char *src, size_t dst_len)
+{
+	if (strnlen(src, dst_len) == dst_len) {
+		/* Fail since copying would result in truncation. */
+		return -1;
+	}
+	strncpy(dst, src, dst_len);
+	/*
+	 * Be extra careful and put final \0 at the end after strncpy(),
+	 * even though we checked the length before. This makes Coverity
+	 * happy.
+	 */
+	dst[dst_len - 1] = '\0';
+	return 0;
+}
+
 #endif /* _MACROS_H */
-- 
2.34.1