[U-Boot] [PATCH] common: cli_simple: use strncpy instead of strcpy
Peng Fan
van.freenix at gmail.com
Sun Jan 10 05:59:05 CET 2016
On Sat, Jan 09, 2016 at 09:03:59AM -0500, Tom Rini wrote:
>On Sat, Jan 09, 2016 at 09:31:48PM +0800, Peng Fan wrote:
>
>> Report Coverity log:
>> Destination buffer too small (STRING_OVERFLOW)
>> string_overflow: You might overrun the 1024 byte destination string
>> lastcommand by writing 1025 bytes from console_buffer
>>
>> Signed-off-by: Peng Fan <van.freenix at gmail.com>
>> Cc: Heiko Schocher <hs at denx.de>
>> Cc: Simon Glass <sjg at chromium.org>
>> Cc: Tom Rini <trini at konsulko.com>
>> ---
>> common/cli_simple.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/common/cli_simple.c b/common/cli_simple.c
>> index 9c3d073..c51f963 100644
>> --- a/common/cli_simple.c
>> +++ b/common/cli_simple.c
>> @@ -276,7 +276,8 @@ void cli_simple_loop(void)
>>
>> flag = 0; /* assume no special flags for now */
>> if (len > 0)
>> - strcpy(lastcommand, console_buffer);
>> + strncpy(lastcommand, console_buffer,
>> + CONFIG_SYS_CBSIZE + 1);
>> else if (len == 0)
>> flag |= CMD_FLAG_REPEAT;
>> #ifdef CONFIG_BOOT_RETRY_TIME
>
>So, long term I would like to see use move to using strlcpy for the
>normal case (it might not make sense when working with various defined
>protocols, etc). Thanks!
Thanks. Just read this, https://www.sudo.ws/todd/papers/strlcpy.html.
strlcpy is a better choice.
Thanks,
Peng.
>
>--
>Tom
More information about the U-Boot
mailing list