[U-Boot] [PATCH v3 2/2] image: Protect against overflow in unknown_msg()
Tom Rini
trini at konsulko.com
Fri Oct 28 20:59:55 CEST 2016
On Thu, Oct 27, 2016 at 08:18:39PM -0600, Simon Glass wrote:
> Coverity complains that this can overflow. If we later increase the size
> of one of the strings in the table, it could happen.
>
> Adjust the code to protect against this.
>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> Reported-by: Coverity (CID: 150964)
> ---
>
> Changes in v3:
> - Adjust to deal with what strncpy() actually does (I think)
>
> Changes in v2:
> - Drop unwanted #include
>
> common/image.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/common/image.c b/common/image.c
> index 0e86c13..016f263 100644
> --- a/common/image.c
> +++ b/common/image.c
> @@ -588,9 +588,11 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
> static const char *unknown_msg(enum ih_category category)
> {
> static char msg[30];
> + static char unknown_str = "Unknown ";
>
> - strcpy(msg, "Unknown ");
> - strcat(msg, table_info[category].desc);
> + strcpy(msg, unknown_str);
> + strncat(msg, table_info[category].desc,
> + sizeof(msg) - sizeof(unknown_str));
We still need to subtract 1 more here at the end, for the NUL don't we?
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161028/6a2dd807/attachment.sig>
More information about the U-Boot
mailing list