On Thu, Oct 27, 2016 at 08:18:39PM -0600, Simon Glass wrote: > Coverity complains that this can overflow. If we later increase the size > of one of the strings in the table, it could happen. > > Adjust the code to protect against this. > > Signed-off-by: Simon Glass <[email protected]> > Reported-by: Coverity (CID: 150964) > --- > > Changes in v3: > - Adjust to deal with what strncpy() actually does (I think) > > Changes in v2: > - Drop unwanted #include > > common/image.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/common/image.c b/common/image.c > index 0e86c13..016f263 100644 > --- a/common/image.c > +++ b/common/image.c > @@ -588,9 +588,11 @@ const table_entry_t *get_table_entry(const table_entry_t > *table, int id) > static const char *unknown_msg(enum ih_category category) > { > static char msg[30]; > + static char unknown_str = "Unknown "; > > - strcpy(msg, "Unknown "); > - strcat(msg, table_info[category].desc); > + strcpy(msg, unknown_str); > + strncat(msg, table_info[category].desc, > + sizeof(msg) - sizeof(unknown_str));
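Review bot: `unknown_str` in unknown_msg() is declared as a single `char` rather than an array, so `sizeof(unknown_str)` is 1 and the strncat() limit works out to 29 bytes appended after the 8-byte prefix in the 30-byte `msg`. Declare it as `static const char unknown_str[] = "Unknown ";` instead. With the array form, sizeof() counts the terminating NUL, so the limit is 30 - 9 = 21, and the prefix (8), the appended bytes (at most 21) and the NUL that strncat() always writes add up to exactly 30. A one-line comment noting that the bound relies on sizeof() including the NUL would keep that from being "fixed" later.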
We still need to subtract 1 more here at the end, for the NUL, don't we?

--
Tom
_______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot

