Re: [PATCH] drm: etnaviv: fix strncpy sizeof argument
On Tue, Mar 19, 2019 at 6:22 PM Russell King - ARM Linux admin wrote: > > On Mon, Mar 18, 2019 at 10:57:55PM -0400, Bo YU wrote: > > Calling strncpy with a maximum size argument of 64 bytes on destination > > array "domain->name" of size 64 bytes might leave the destination string > > unterminated. > > > > Detected by CoverityScan, CID# 1443992: Memory - illegal accesses > > (BUFFER_SIZE_WARNING) > > > > Fixes: 9e2c2e2730126 (drm/etnaviv: add infrastructure to query perf counter) > > Signed-off-by: Bo YU > > --- > > drivers/gpu/drm/etnaviv/etnaviv_perfmon.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > > b/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > > index 4227a4006c34..08ca3c44be48 100644 > > --- a/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > > +++ b/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > > @@ -414,7 +414,7 @@ int etnaviv_pm_query_dom(struct etnaviv_gpu *gpu, > > > > domain->id = domain->iter; > > domain->nr_signals = dom->nr_signals; > > - strncpy(domain->name, dom->name, sizeof(domain->name)); > > + strncpy(domain->name, dom->name, sizeof(dom->name)); > > This introduces an overflow bug if sizeof(dom->name) > > sizeof(domain->name). If both sizes are the same, then there is no > effect. Oops,It seems more worse than original code. > > strlcpy() would be a better replacement, it guarantees that the > destination will be correctly terminated. But there are too many strcpy like usage in kernel, Does it matter? > > -- > RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ > FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up > According to speedtest.net: 11.9Mbps down 500kbps up ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
Re: [PATCH] drm: etnaviv: fix strncpy sizeof argument
On Mon, Mar 18, 2019 at 10:57:55PM -0400, Bo YU wrote: > Calling strncpy with a maximum size argument of 64 bytes on destination > array "domain->name" of size 64 bytes might leave the destination string > unterminated. > > Detected by CoverityScan, CID# 1443992: Memory - illegal accesses > (BUFFER_SIZE_WARNING) > > Fixes: 9e2c2e2730126 (drm/etnaviv: add infrastructure to query perf counter) > Signed-off-by: Bo YU > --- > drivers/gpu/drm/etnaviv/etnaviv_perfmon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > b/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > index 4227a4006c34..08ca3c44be48 100644 > --- a/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > +++ b/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c > @@ -414,7 +414,7 @@ int etnaviv_pm_query_dom(struct etnaviv_gpu *gpu, > > domain->id = domain->iter; > domain->nr_signals = dom->nr_signals; > - strncpy(domain->name, dom->name, sizeof(domain->name)); > + strncpy(domain->name, dom->name, sizeof(dom->name)); This introduces an overflow bug if sizeof(dom->name) > sizeof(domain->name). If both sizes are the same, then there is no effect. strlcpy() would be a better replacement, it guarantees that the destination will be correctly terminated. -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTC broadband for 0.8mile line in suburbia: sync at 12.1Mbps down 622kbps up According to speedtest.net: 11.9Mbps down 500kbps up ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel
[PATCH] drm: etnaviv: fix strncpy sizeof argument
Calling strncpy with a maximum size argument of 64 bytes on destination array "domain->name" of size 64 bytes might leave the destination string unterminated. Detected by CoverityScan, CID# 1443992: Memory - illegal accesses (BUFFER_SIZE_WARNING) Fixes: 9e2c2e2730126 (drm/etnaviv: add infrastructure to query perf counter) Signed-off-by: Bo YU --- drivers/gpu/drm/etnaviv/etnaviv_perfmon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c b/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c index 4227a4006c34..08ca3c44be48 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_perfmon.c @@ -414,7 +414,7 @@ int etnaviv_pm_query_dom(struct etnaviv_gpu *gpu, domain->id = domain->iter; domain->nr_signals = dom->nr_signals; - strncpy(domain->name, dom->name, sizeof(domain->name)); + strncpy(domain->name, dom->name, sizeof(dom->name)); domain->iter++; if (domain->iter == meta->nr_domains) -- 2.11.0 ___ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel