service: fix compilation with GCC 10

Building with GCC 10.3.0 fails with the following error:

service.c:243:10: error: 'strncpy' offset 6 from the object at 'b' is
out of the bounds of referenced subobject 'name' with type 'uint8_t[]'
{aka 'unsigned char[]'} at offset 6 [-Werror=array-bounds]
  243 |  s->id = strncpy(d_id, blobmsg_name(b), n);
        |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix it by passing the length returned by strlen to strncpy without
adding an extra byte for the string terminator. Add the extra byte only
in the calloc_a call, which will initialize it to NULL.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

diff --git a/service.c b/service.c
index 66a3382a0389f52c85e06beed3a270e78c3e7163..bd9f985c57873e6946d4b4da8bac0f628c802d5a 100644 (file)
--- a/service.c
+++ b/service.c
@@ -230,9 +230,9 @@ service_load_blob(struct blob_attr *b)
                blobmsg_for_each_attr(txt, _tb[SERVICE_TXT], rem2)
                        txt_len += 1 + strlen(blobmsg_get_string(txt));
 
-       n = strlen(blobmsg_name(b)) + 1;
+       n = strlen(blobmsg_name(b));
        s = calloc_a(sizeof(*s),
-               &d_id, n,
+               &d_id, n + 1,
                &d_instance, _tb[SERVICE_INSTANCE] ? strlen(blobmsg_get_string(_tb[SERVICE_INSTANCE])) + 1 : 0,
                &d_service, strlen(blobmsg_get_string(_tb[SERVICE_SERVICE])) + 1,
                &d_txt, txt_len);