From patchwork Mon Oct 31 16:13:06 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 689437 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 3t6ztx3b1Sz9s5g for ; Tue, 1 Nov 2016 03:13:44 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 7A3884B9AD; Mon, 31 Oct 2016 17:13:39 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JOQ9MdthoqpV; Mon, 31 Oct 2016 17:13:39 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id E90504B71E; Mon, 31 Oct 2016 17:13:38 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 491564B811 for ; Mon, 31 Oct 2016 17:13:35 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vr8pnTEmzMWV for ; Mon, 31 Oct 2016 17:13:35 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from kaki.bld.corp.google.com (unknown [104.132.211.80]) by theia.denx.de (Postfix) with ESMTPS id D7A004A039 for ; Mon, 31 Oct 2016 17:13:32 +0100 (CET) Received: by kaki.bld.corp.google.com (Postfix, from userid 121222) id 2A42D404D9; Mon, 31 Oct 2016 10:13:30 -0600 (MDT) From: Simon Glass To: U-Boot Mailing List Date: Mon, 31 Oct 2016 10:13:06 -0600 Message-Id: <1477930386-25328-2-git-send-email-sjg@chromium.org> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1477930386-25328-1-git-send-email-sjg@chromium.org> References: <1477930386-25328-1-git-send-email-sjg@chromium.org> Cc: Joe Hershberger , Tom Rini Subject: [U-Boot] [PATCH v4 2/2] image: Protect against overflow in unknown_msg() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Coverity complains that this can overflow. If we later increase the size of one of the strings in the table, it could happen. Adjust the code to protect against this. Signed-off-by: Simon Glass Reported-by: Coverity (CID: 150964) --- Changes in v4: - Add missing [] (tested) Changes in v3: - Adjust to deal with what strncpy() actually does (I think) Changes in v2: - Drop unwanted #include common/image.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/common/image.c b/common/image.c index 0e86c13..7604494 100644 --- a/common/image.c +++ b/common/image.c @@ -587,10 +587,12 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id) static const char *unknown_msg(enum ih_category category) { + static const char unknown_str[] = "Unknown "; static char msg[30]; - strcpy(msg, "Unknown "); - strcat(msg, table_info[category].desc); + strcpy(msg, unknown_str); + strncat(msg, table_info[category].desc, + sizeof(msg) - sizeof(unknown_str)); return msg; }