[U-Boot] [PATCH 1/3] serial-uclass.c: Copy at most sdev.name - 1 characters into the buffer
Simon Glass
sjg at chromium.org
Tue Dec 8 20:35:18 CET 2015
On 7 December 2015 at 20:26, Tom Rini <trini at konsulko.com> wrote:
> Coverity notes that we do not ensure a NULL terminated string here as we
> could fill the entire buffer with our strncpy call. Fix this by
> subtracting one.
>
> Reported-by: Coverity (CID 131093)
> Cc: Simon Glass <sjg at chromium.org>
> Signed-off-by: Tom Rini <trini at konsulko.com>
> ---
> drivers/serial/serial-uclass.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
>
> diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c
> index 842f78b..2ef82b0 100644
> --- a/drivers/serial/serial-uclass.c
> +++ b/drivers/serial/serial-uclass.c
> @@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev)
> return 0;
> memset(&sdev, '\0', sizeof(sdev));
>
> - strncpy(sdev.name, dev->name, sizeof(sdev.name));
> + strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1);
There is also strlcpy() if you want it.
> sdev.flags = DEV_FLAGS_OUTPUT | DEV_FLAGS_INPUT;
> sdev.priv = dev;
> sdev.putc = serial_stub_putc;
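Review bot: on the changed strncpy() line, the terminating NUL is not written by the copy itself. It is only there because the memset(&sdev, '\0', sizeof(sdev)) just above has already zeroed the last byte of sdev.name, so the fix silently depends on that call staying in place and staying ahead of the copy. Either add a one-line comment stating that dependency, or use strlcpy(sdev.name, dev->name, sizeof(sdev.name)) as suggested in the reply, which terminates the buffer on its own. Note also that a dev->name longer than sizeof(sdev.name) - 1 is truncated without any indication; if a truncated name matters for this device, that case deserves a check or a warning.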
> --
> 1.7.9.5
>