diff mbox series

libffs: Fix string truncation gcc warning.

Message ID 20190220030912.14093-1-stewart@linux.ibm.com
State Superseded
Headers show
Series libffs: Fix string truncation gcc warning. | expand

Checks

Context Check Description
snowpatch_ozlabs/apply_patch success master/apply_patch Successfully applied
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot success Test snowpatch/job/snowpatch-skiboot on branch master

Commit Message

Stewart Smith Feb. 20, 2019, 3:09 a.m. UTC 
From: Michal Suchanek <msuchanek@suse.de>

Allow one more byte copied. The allocated space has extra byte anyway.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
 libflash/libffs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Oliver O'Halloran Feb. 20, 2019, 4:10 a.m. UTC | #1 
On Wed, Feb 20, 2019 at 2:11 PM Stewart Smith <stewart@linux.ibm.com> wrote:
>
> From: Michal Suchanek <msuchanek@suse.de>
>
> Allow one more byte copied. The allocated space has extra byte anyway.
>
> Signed-off-by: Michal Suchanek <msuchanek@suse.de>
> ---
>  libflash/libffs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libflash/libffs.c b/libflash/libffs.c
> index 221c2b024c10..4eb0ffa997ac 100644
> --- a/libflash/libffs.c
> +++ b/libflash/libffs.c
> @@ -522,7 +522,7 @@ int ffs_part_info(struct ffs_handle *ffs, uint32_t part_idx,
>                 n = calloc(1, FFS_PART_NAME_MAX + 1);
>                 if (!n)
>                         return FLASH_ERR_MALLOC_FAILED;
> -               strncpy(n, ent->name, FFS_PART_NAME_MAX);
> +               strncpy(n, ent->name, FFS_PART_NAME_MAX + 1);

Eh... If the partition name uses all 16 bytes of the name (i.e it's
not terminated) then ent->name will be left unterminated with this
change. The comments on ffs_entry are correct the name field is
supposed to be terminated anyway so only copying FFS_PART_NAME_MAX
(15) bytes is better since it doesn't require the FFS input to be well
formed.

>                 *name = n;
>         }
>         return 0;
> --
> 2.20.1
>
> _______________________________________________
> Skiboot mailing list
> Skiboot@lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/skiboot
Oliver O'Halloran Feb. 20, 2019, 4:11 a.m. UTC | #2 
On Wed, Feb 20, 2019 at 3:10 PM Oliver <oohall@gmail.com> wrote:
>
> On Wed, Feb 20, 2019 at 2:11 PM Stewart Smith <stewart@linux.ibm.com> wrote:
> >
> > From: Michal Suchanek <msuchanek@suse.de>
> >
> > Allow one more byte copied. The allocated space has extra byte anyway.
> >
> > Signed-off-by: Michal Suchanek <msuchanek@suse.de>
> > ---
> >  libflash/libffs.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libflash/libffs.c b/libflash/libffs.c
> > index 221c2b024c10..4eb0ffa997ac 100644
> > --- a/libflash/libffs.c
> > +++ b/libflash/libffs.c
> > @@ -522,7 +522,7 @@ int ffs_part_info(struct ffs_handle *ffs, uint32_t part_idx,
> >                 n = calloc(1, FFS_PART_NAME_MAX + 1);
> >                 if (!n)
> >                         return FLASH_ERR_MALLOC_FAILED;
> > -               strncpy(n, ent->name, FFS_PART_NAME_MAX);
> > +               strncpy(n, ent->name, FFS_PART_NAME_MAX + 1);
>
> Eh... If the partition name uses all 16 bytes of the name (i.e it's
> not terminated) then ent->name will be left unterminated with this
> change. The comments on ffs_entry are correct the name field is
> supposed to be terminated anyway so only copying FFS_PART_NAME_MAX
> (15) bytes is better since it doesn't require the FFS input to be well
> formed.

s/ent->name/n/

>
> >                 *name = n;
> >         }
> >         return 0;
> > --
> > 2.20.1
> >
> > _______________________________________________
> > Skiboot mailing list
> > Skiboot@lists.ozlabs.org
> > https://lists.ozlabs.org/listinfo/skiboot
Vasant Hegde Feb. 26, 2019, 6:25 a.m. UTC | #3 
On 02/20/2019 09:40 AM, Oliver wrote:
> On Wed, Feb 20, 2019 at 2:11 PM Stewart Smith <stewart@linux.ibm.com> wrote:
>>
>> From: Michal Suchanek <msuchanek@suse.de>
>>
>> Allow one more byte copied. The allocated space has extra byte anyway.
>>
>> Signed-off-by: Michal Suchanek <msuchanek@suse.de>
>> ---
>>   libflash/libffs.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libflash/libffs.c b/libflash/libffs.c
>> index 221c2b024c10..4eb0ffa997ac 100644
>> --- a/libflash/libffs.c
>> +++ b/libflash/libffs.c
>> @@ -522,7 +522,7 @@ int ffs_part_info(struct ffs_handle *ffs, uint32_t part_idx,
>>                  n = calloc(1, FFS_PART_NAME_MAX + 1);
>>                  if (!n)
>>                          return FLASH_ERR_MALLOC_FAILED;
>> -               strncpy(n, ent->name, FFS_PART_NAME_MAX);
>> +               strncpy(n, ent->name, FFS_PART_NAME_MAX + 1);
> 
> Eh... If the partition name uses all 16 bytes of the name (i.e it's
> not terminated) then ent->name will be left unterminated with this
> change. The comments on ffs_entry are correct the name field is
> supposed to be terminated anyway so only copying FFS_PART_NAME_MAX
> (15) bytes is better since it doesn't require the FFS input to be well
> formed.

Looks like we make sure ent->name is NULL terminate. Just to be safer we can 
explicitly
NULL terminate `n` here.
	n[ FFS_PART_NAME_MAX] = '\0';


-Vasant
diff mbox series

Patch

diff --git a/libflash/libffs.c b/libflash/libffs.c
index 221c2b024c10..4eb0ffa997ac 100644
--- a/libflash/libffs.c
+++ b/libflash/libffs.c
@@ -522,7 +522,7 @@  int ffs_part_info(struct ffs_handle *ffs, uint32_t part_idx,
 		n = calloc(1, FFS_PART_NAME_MAX + 1);
 		if (!n)
 			return FLASH_ERR_MALLOC_FAILED;
-		strncpy(n, ent->name, FFS_PART_NAME_MAX);
+		strncpy(n, ent->name, FFS_PART_NAME_MAX + 1);
 		*name = n;
 	}
 	return 0;