Message ID | 1449545195-18195-1-git-send-email-trini@konsulko.com |
---|---|
State | Superseded |
Headers | show |
On 7 December 2015 at 20:26, Tom Rini <trini@konsulko.com> wrote: > Coverity notes that we do not ensure a NULL terminated string here as we > could fill the entire buffer with our strncpy call. Fix this by > subtracting one. > > Reported-by: Coverity (CID 131093) > Cc: Simon Glass <sjg@chromium.org> > Signed-off-by: Tom Rini <trini@konsulko.com> > --- > drivers/serial/serial-uclass.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Simon Glass <sjg@chromium.org> > > diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c > index 842f78b..2ef82b0 100644 > --- a/drivers/serial/serial-uclass.c > +++ b/drivers/serial/serial-uclass.c > @@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev) > return 0; > memset(&sdev, '\0', sizeof(sdev)); > > - strncpy(sdev.name, dev->name, sizeof(sdev.name)); > + strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1); There is also strlcpy() if you want it. > sdev.flags = DEV_FLAGS_OUTPUT | DEV_FLAGS_INPUT; > sdev.priv = dev; > sdev.putc = serial_stub_putc; > -- > 1.7.9.5 >
On Tue, Dec 08, 2015 at 12:35:18PM -0700, Simon Glass wrote: > On 7 December 2015 at 20:26, Tom Rini <trini@konsulko.com> wrote: > > Coverity notes that we do not ensure a NULL terminated string here as we > > could fill the entire buffer with our strncpy call. Fix this by > > subtracting one. > > > > Reported-by: Coverity (CID 131093) > > Cc: Simon Glass <sjg@chromium.org> > > Signed-off-by: Tom Rini <trini@konsulko.com> > > --- > > drivers/serial/serial-uclass.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Reviewed-by: Simon Glass <sjg@chromium.org> > > > > > diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c > > index 842f78b..2ef82b0 100644 > > --- a/drivers/serial/serial-uclass.c > > +++ b/drivers/serial/serial-uclass.c > > @@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev) > > return 0; > > memset(&sdev, '\0', sizeof(sdev)); > > > > - strncpy(sdev.name, dev->name, sizeof(sdev.name)); > > + strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1); > > There is also strlcpy() if you want it. Ah good. Yeah, I think I should v2 this patch and use strlcpy as there's going to be many more of these I bet to come.
diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c index 842f78b..2ef82b0 100644 --- a/drivers/serial/serial-uclass.c +++ b/drivers/serial/serial-uclass.c @@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev) return 0; memset(&sdev, '\0', sizeof(sdev)); - strncpy(sdev.name, dev->name, sizeof(sdev.name)); + strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1); sdev.flags = DEV_FLAGS_OUTPUT | DEV_FLAGS_INPUT; sdev.priv = dev; sdev.putc = serial_stub_putc;
Coverity notes that we do not ensure a NULL terminated string here as we could fill the entire buffer with our strncpy call. Fix this by subtracting one. Reported-by: Coverity (CID 131093) Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> --- drivers/serial/serial-uclass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)