[U-Boot] [PATCH v2 2/2] image: Protect against overflow in unknown_msg()
Siarhei Siamashka
siarhei.siamashka at gmail.com
Fri Oct 28 03:22:57 CEST 2016
On Thu, 27 Oct 2016 18:38:40 -0600
Simon Glass <sjg at chromium.org> wrote:
> Coverity complains that this can overflow. If we later increase the size
> of one of the strings in the table, it could happen.
>
> Adjust the code to protect against this.
>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> Reported-by: Coverity (CID: 150964)
> ---
>
> Changes in v2:
> - Drop unwanted #include
>
> common/image.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/common/image.c b/common/image.c
> index 0e86c13..4255267 100644
> --- a/common/image.c
> +++ b/common/image.c
> @@ -590,7 +590,7 @@ static const char *unknown_msg(enum ih_category category)
> static char msg[30];
>
> strcpy(msg, "Unknown ");
> - strcat(msg, table_info[category].desc);
> + strncat(msg, table_info[category].desc, sizeof(msg) - 1);
"man strncat" on my system says:
char *strncat(char *dest, const char *src, size_t n);
...
If src contains n or more bytes, strncat() writes n+1 bytes to
dest (n from src plus the terminating null byte). Therefore,
the size of dest must be at least strlen(dest)+n+1.
>
> return msg;
> }
--
Best regards,
Siarhei Siamashka
More information about the U-Boot
mailing list