Hi, On 27 October 2016 at 18:22, Siarhei Siamashka <[email protected]> wrote: > On Thu, 27 Oct 2016 18:38:40 -0600 > Simon Glass <[email protected]> wrote: > >> Coverity complains that this can overflow. If we later increase the size >> of one of the strings in the table, it could happen. >> >> Adjust the code to protect against this. >> >> Signed-off-by: Simon Glass <[email protected]> >> Reported-by: Coverity (CID: 150964) >> --- >> >> Changes in v2: >> - Drop unwanted #include >> >> common/image.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/common/image.c b/common/image.c >> index 0e86c13..4255267 100644 >> --- a/common/image.c >> +++ b/common/image.c >> @@ -590,7 +590,7 @@ static const char *unknown_msg(enum ih_category category) >> static char msg[30]; >> >> strcpy(msg, "Unknown "); >> - strcat(msg, table_info[category].desc); >> + strncat(msg, table_info[category].desc, sizeof(msg) - 1); > > "man strncat" on my system says: > > char *strncat(char *dest, const char *src, size_t n); > > ... > > If src contains n or more bytes, strncat() writes n+1 bytes to > dest (n from src plus the terminating null byte). Therefore, > the size of dest must be at least strlen(dest)+n+1. > >> >> return msg; >> } >
That's odd as it does not seem to match the U-Boot implementation. But neither does my code in fact. I'll try v3. I suspect U-Boot's string functions could use some tests! Regards, Simon _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
