Hi, Static analysis detected inappropriate use of strcpy function[1] in topology-linux.c. There are more places like this, but here data comes from dev configuration file and I think we should fix it in the first place.
Below is the patch which fixes those which concern me. Unfortunately strncpy does not guarantee that string will be NULL terminated which may cause other problems. I am leaving it up to you whether you want to address that or no. Thanks, Lukas [1]: http://cwe.mitre.org/data/definitions/676.html diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c index 82423ff..0512bac 100644 --- a/hwloc/topology-linux.c +++ b/hwloc/topology-linux.c @@ -4347,15 +4347,15 @@ hwloc_linux_block_class_fillinfos(struct hwloc_backend *backend, if (tmp) *tmp = '\0'; if (!strncmp(line, "E:ID_VENDOR=", strlen("E:ID_VENDOR="))) { - strcpy(vendor, line+strlen("E:ID_VENDOR=")); + strncpy(vendor, line+strlen("E:ID_VENDOR="), sizeof(vendor)); } else if (!strncmp(line, "E:ID_MODEL=", strlen("E:ID_MODEL="))) { - strcpy(model, line+strlen("E:ID_MODEL=")); + strncpy(model, line+strlen("E:ID_MODEL="), sizeof(model)); } else if (!strncmp(line, "E:ID_REVISION=", strlen("E:ID_REVISION="))) { - strcpy(revision, line+strlen("E:ID_REVISION=")); + strncpy(revision, line+strlen("E:ID_REVISION="), sizeof(revision)); } else if (!strncmp(line, "E:ID_SERIAL_SHORT=", strlen("E:ID_SERIAL_SHORT="))) { - strcpy(serial, line+strlen("E:ID_SERIAL_SHORT=")); + strncpy(serial, line+strlen("E:ID_SERIAL_SHORT="), sizeof(serial)); } else if (!strncmp(line, "E:ID_TYPE=", strlen("E:ID_TYPE="))) { - strcpy(blocktype, line+strlen("E:ID_TYPE=")); + strncpy(blocktype, line+strlen("E:ID_TYPE="), sizeof(blocktype)); } } fclose(fd); @@ -4493,7 +4493,7 @@ hwloc_linux_lookup_block_class(struct hwloc_backend *backend, int dummy; int res = 0; - strcpy(path, pcidevpath); + strncpy(path, pcidevpath, sizeof(path)); pathlen = strlen(path); -------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital zakladowy 200.000 PLN. Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek przegladanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.
