From 819c2e5190023dd296ef5ddd45e42e448b5cb359 Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Tue, 12 Dec 2017 11:48:12 -0500
Subject: [PATCH] fix possible not null-terminated strncpy.  Wouldn't actually
 happen because we are copying from the db field which is 1 smaller than the
 variable but Coverity doesn't know that.

---
 src/zm_storage.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/zm_storage.cpp b/src/zm_storage.cpp
index 26e4387a0..0b3857302 100644
--- a/src/zm_storage.cpp
+++ b/src/zm_storage.cpp
@@ -34,15 +34,15 @@ Storage::Storage() {
     // not using an absolute path. Make it one by appending ZM_PATH_WEB
     snprintf( path, sizeof (path), "%s/%s", staticConfig.PATH_WEB.c_str( ), staticConfig.DIR_EVENTS.c_str() );
   } else {
-    strncpy(path, staticConfig.DIR_EVENTS.c_str(), sizeof(path) );
+    strncpy(path, staticConfig.DIR_EVENTS.c_str(), sizeof(path)-1 );
   }
 }
 
 Storage::Storage( MYSQL_ROW &dbrow ) {
 	unsigned int index = 0;
 	id = atoi( dbrow[index++] );
-	strncpy( name, dbrow[index++], sizeof(name) );
-	strncpy( path, dbrow[index++], sizeof(path) );
+	strncpy( name, dbrow[index++], sizeof(name)-1 );
+	strncpy( path, dbrow[index++], sizeof(path)-1 );
 }
 
 /* If a zero or invalid p_id is passed, then the old default path will be assumed.  */
@@ -69,7 +69,7 @@ Storage::Storage( unsigned int p_id ) {
       // not using an absolute path. Make it one by appending ZM_PATH_WEB
       snprintf( path, sizeof (path), "%s/%s", staticConfig.PATH_WEB.c_str( ), staticConfig.DIR_EVENTS.c_str() );
     } else {
-      strncpy(path, staticConfig.DIR_EVENTS.c_str(), sizeof(path) );
+      strncpy(path, staticConfig.DIR_EVENTS.c_str(), sizeof(path)-1 );
     }
 		Debug(1,"No id passed to Storage constructor.  Using default path %s instead", path );
 		strcpy(name, "Default");