[U-Boot] [PATCH 1/3] serial-uclass.c: Copy at most sdev.name - 1 characters into the buffer

Tue Dec 8 04:26:33 CET 2015

Coverity notes that we do not ensure a NULL terminated string here as we
could fill the entire buffer with our strncpy call.  Fix this by
subtracting one.

Reported-by: Coverity (CID 131093)
Cc: Simon Glass <sjg at chromium.org>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
 drivers/serial/serial-uclass.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c
index 842f78b..2ef82b0 100644
--- a/drivers/serial/serial-uclass.c
+++ b/drivers/serial/serial-uclass.c
@@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev)
 		return 0;
 	memset(&sdev, '\0', sizeof(sdev));
 
-	strncpy(sdev.name, dev->name, sizeof(sdev.name));
+	strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1);
 	sdev.flags = DEV_FLAGS_OUTPUT | DEV_FLAGS_INPUT;
 	sdev.priv = dev;
 	sdev.putc = serial_stub_putc;
-- 
1.7.9.5

