From b0dc5013c452a6ae14a44622df552b9e1740bea8 Mon Sep 17 00:00:00 2001
From: Yunmi Ha <yunmi.ha@samsung.com>
Date: Tue, 27 Aug 2019 16:17:41 +0900
Subject: Fix svace issue

- change strcpy function to strncpy

Change-Id: Icadf6b2717d1093d8514b16e01fd03ceb44ea728
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
---
 hw/board/board.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/board/board.c b/hw/board/board.c
index d8bb35a..2cbc583 100644
--- a/hw/board/board.c
+++ b/hw/board/board.c
@@ -46,6 +46,7 @@ static int get_serialno_from_dat(void)
 {
 	FILE *fp;
 	char buffer[DATA_BUFF_MAX], *p, *q;
+	int len;
 
 	fp = fopen(SERIAL_PATH_NAME, "r");
 	if (!fp) {
@@ -62,7 +63,9 @@ static int get_serialno_from_dat(void)
 	q = strchrnul(p, '\n');
 	*q = '\0';
 
-	strcpy(info.serial, p);
+	len = strlen(p) > DATA_BUFF_MAX-1 ? DATA_BUFF_MAX-1 : strlen(p);
+	strncpy(info.serial, p, len);
+	info.serial[len] = '\0';
 	info.serial_len = strlen(p);
 
 	fclose(fp);
@@ -73,6 +76,7 @@ static int get_serialno_from_cpuinfo(void)
 {
 	FILE *fp;
 	char line[LINE_LEN], *p, *q;
+	int len;
 
 	fp = fopen(CPUINFO_PATH, "r");
 	if (!fp) {
@@ -97,7 +101,9 @@ static int get_serialno_from_cpuinfo(void)
 		q = strchrnul(p, '\n');
 		*q = '\0';
 
-		strcpy(info.serial, p);
+		len = strlen(p) > DATA_BUFF_MAX-1 ? DATA_BUFF_MAX-1 : strlen(p);
+		strncpy(info.serial, p, len);
+		info.serial[len] = '\0';
 		info.serial_len = strlen(p);
 
 		fclose(fp);
-- 
cgit v1.2.3