
[U-Boot,2/2] image: Protect against overflow in unknown_msg()

Message ID 1477509552-9047-2-git-send-email-sjg@chromium.org
State Superseded
Delegated to: Tom Rini

Commit Message

Simon Glass Oct. 26, 2016, 7:19 p.m. UTC
Coverity complains that this can overflow. If we later increase the size
of one of the strings in the table, it could happen.

Adjust the code to protect against this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150964)
---

 common/image.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Tom Rini Oct. 26, 2016, 9:49 p.m. UTC | #1
On Wed, Oct 26, 2016 at 01:19:12PM -0600, Simon Glass wrote:
> Coverity complains that this can overflow. If we later increase the size
> of one of the strings in the table, it could happen.
> 
> Adjust the code to protect against this.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Coverity (CID: 150964)
> ---
> 
>  common/image.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/common/image.c b/common/image.c
> index 0e86c13..dfd1779 100644
> --- a/common/image.c
> +++ b/common/image.c
> @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
>  	}
>  	return NULL;
>  }
> +#include <linux/string.h>
>  
>  static const char *unknown_msg(enum ih_category category)
>  {
>  	static char msg[30];
>  
>  	strcpy(msg, "Unknown ");
> -	strcat(msg, table_info[category].desc);
> +	strncat(msg, table_info[category].desc, sizeof(msg) - 1);
>  
>  	return msg;
>  }
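
Review bot: The limit passed on the new strncat() line does not prevent the overflow, because the third argument of strncat() is the maximum number of characters to append, not the size of the destination. msg already holds the 8 characters of "Unknown ", so sizeof(msg) - 1 (29) allows 8 + 29 characters plus the terminating NUL, 38 bytes in total, to be written into the 30-byte buffer. Pass the remaining space instead: sizeof(msg) - strlen(msg) - 1.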

We should add the include up top with the others :)

Simon Glass Oct. 28, 2016, 1:51 a.m. UTC | #2
Hi Tom,

On 26 October 2016 at 14:49, Tom Rini <trini@konsulko.com> wrote:
> On Wed, Oct 26, 2016 at 01:19:12PM -0600, Simon Glass wrote:
>> Coverity complains that this can overflow. If we later increase the size
>> of one of the strings in the table, it could happen.
>>
>> Adjust the code to protect against this.
>>
>> Signed-off-by: Simon Glass <sjg@chromium.org>
>> Reported-by: Coverity (CID: 150964)
>> ---
>>
>>  common/image.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/common/image.c b/common/image.c
>> index 0e86c13..dfd1779 100644
>> --- a/common/image.c
>> +++ b/common/image.c
>> @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
>>       }
>>       return NULL;
>>  }
>> +#include <linux/string.h>
>>
>>  static const char *unknown_msg(enum ih_category category)
>>  {
>>       static char msg[30];
>>
>>       strcpy(msg, "Unknown ");
>> -     strcat(msg, table_info[category].desc);
>> +     strncat(msg, table_info[category].desc, sizeof(msg) - 1);
>>
>>       return msg;
>>  }
>
> We should add the include up top with the others :)

Ooops I left that in. It is not needed.

Regards,
Simon

Patch

diff --git a/common/image.c b/common/image.c
index 0e86c13..dfd1779 100644
--- a/common/image.c
+++ b/common/image.c
@@ -584,13 +584,14 @@  const table_entry_t *get_table_entry(const table_entry_t *table, int id)
 	}
 	return NULL;
 }
+#include <linux/string.h>
 
 static const char *unknown_msg(enum ih_category category)
 {
 	static char msg[30];
 
 	strcpy(msg, "Unknown ");
-	strcat(msg, table_info[category].desc);
+	strncat(msg, table_info[category].desc, sizeof(msg) - 1);
 
 	return msg;
 }
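
Review bot: In unknown_msg(), strncat() is given sizeof(msg) - 1 as its limit, but that limit counts appended characters only and ignores the "Unknown " prefix that strcpy() has already written, so a desc string longer than 21 characters still writes past the end of msg[30]. Use sizeof(msg) - strlen(msg) - 1 as the limit. The #include <linux/string.h> added between get_table_entry() and unknown_msg() belongs with the includes at the top of the file, and since strcpy() is already used here without it, it can probably be dropped.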