On Tue, Dec 08, 2015 at 12:35:18PM -0700, Simon Glass wrote:
On 7 December 2015 at 20:26, Tom Rini trini@konsulko.com wrote:
Coverity notes that we do not ensure a NULL terminated string here as we could fill the entire buffer with our strncpy call. Fix this by subtracting one.
Reported-by: Coverity (CID 131093) Cc: Simon Glass sjg@chromium.org Signed-off-by: Tom Rini trini@konsulko.com
drivers/serial/serial-uclass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org
diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c index 842f78b..2ef82b0 100644 --- a/drivers/serial/serial-uclass.c +++ b/drivers/serial/serial-uclass.c @@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev) return 0; memset(&sdev, '\0', sizeof(sdev));
strncpy(sdev.name, dev->name, sizeof(sdev.name));
strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1);There is also strlcpy() if you want it.
Ah good. Yeah, I think I should v2 this patch and use strlcpy as there's going to be many more of these I bet to come.