On Thu, 27 Oct 2016 18:38:40 -0600 Simon Glass <[email protected]> wrote:
> Coverity complains that this can overflow. If we later increase the size > of one of the strings in the table, it could happen. > > Adjust the code to protect against this. > > Signed-off-by: Simon Glass <[email protected]> > Reported-by: Coverity (CID: 150964) > --- > > Changes in v2: > - Drop unwanted #include > > common/image.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/common/image.c b/common/image.c > index 0e86c13..4255267 100644 > --- a/common/image.c > +++ b/common/image.c > @@ -590,7 +590,7 @@ static const char *unknown_msg(enum ih_category category) > static char msg[30]; > > strcpy(msg, "Unknown "); > - strcat(msg, table_info[category].desc); > + strncat(msg, table_info[category].desc, sizeof(msg) - 1); "man strncat" on my system says: char *strncat(char *dest, const char *src, size_t n); ... If src contains n or more bytes, strncat() writes n+1 bytes to dest (n from src plus the terminating null byte). Therefore, the size of dest must be at least strlen(dest)+n+1. > > return msg; > } -- Best regards, Siarhei Siamashka _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
