[U-Boot] [PATCH v2] sandbox: Use memcpy() to move overlapping regions

Alexander Graf agraf at suse.de
Fri Nov 9 17:46:07 UTC 2018



> Am 09.11.2018 um 16:05 schrieb Simon Glass <sjg at chromium.org>:
> 
> The use of strcpy() to remove characters at the start of a string is safe
> in U-Boot, since we know the implementation. But in os.c we are using the
> C library's strcpy() function, where this behaviour is not permitted.
> 
> Update the code to use memcpy() instead.

Memmove, no? :)

Alex

> 
> Reported-by: Coverity (CID: 173279)
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---
> 
> Changes in v2:
> - Also remove the leading / from the "/spl" path
> - Correct the string calculation
> 
> arch/sandbox/cpu/os.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c
> index 07e46471fe5..04669bfc177 100644
> --- a/arch/sandbox/cpu/os.c
> +++ b/arch/sandbox/cpu/os.c
> @@ -641,9 +641,10 @@ int os_find_u_boot(char *fname, int maxlen)
>    }
> 
>    /* Look for 'u-boot' in the parent directory of spl/ */
> -    p = strstr(fname, "/spl/");
> +    p = strstr(fname, "spl/");
>    if (p) {
> -        strcpy(p, p + 4);
> +        /* Remove the "spl" characters */
> +        memmove(p, p + 4, strlen(p + 4) + 1);
>        fd = os_open(fname, O_RDONLY);
>        if (fd >= 0) {
>            close(fd);
> -- 
> 2.19.1.930.g4563a0d9d0-goog
> 


More information about the U-Boot mailing list