diff mbox

[U-Boot,v4,2/2] image: Protect against overflow in unknown_msg()

Message ID 1477930386-25328-2-git-send-email-sjg@chromium.org
State Accepted
Commit ae3de0d8caf1822da076b2cc947ea89a0b560e05
Delegated to: Tom Rini
Headers show

Commit Message

Simon Glass Oct. 31, 2016, 4:13 p.m. UTC 
Coverity complains that this can overflow. If we later increase the size
of one of the strings in the table, it could happen.

Adjust the code to protect against this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150964)
---

Changes in v4:
- Add missing [] (tested)

Changes in v3:
- Adjust to deal with what strncpy() actually does (I think)

Changes in v2:
- Drop unwanted #include

 common/image.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff mbox

Patch

diff --git a/common/image.c b/common/image.c
index 0e86c13..7604494 100644
--- a/common/image.c
+++ b/common/image.c
@@ -587,10 +587,12 @@  const table_entry_t *get_table_entry(const table_entry_t *table, int id)
 
 static const char *unknown_msg(enum ih_category category)
 {
+	static const char unknown_str[] = "Unknown ";
 	static char msg[30];
 
-	strcpy(msg, "Unknown ");
-	strcat(msg, table_info[category].desc);
+	strcpy(msg, unknown_str);
+	strncat(msg, table_info[category].desc,
+		sizeof(msg) - sizeof(unknown_str));
 
 	return msg;
 }