
Now I'm not 100% sure if this is actually new or due to the code moving, since there's a new helper function involved, and I also know I had to hand-merge this section due to the zboot related changes.
----- Forwarded message from scan-admin@coverity.com -----
Date: Mon, 15 Nov 2021 17:10:36 +0000 (UTC)
From: scan-admin@coverity.com
To: tom.rini@gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 131256: Security best practices violations (STRING_OVERFLOW)
/boot/pxe_utils.c: 468 in label_boot()

________________________________________________________________________________________________________
*** CID 131256: Security best practices violations (STRING_OVERFLOW)
/boot/pxe_utils.c: 468 in label_boot()
462                             printf("Skipping %s for failure retrieving initrd\n",
463                                    label->name);
464                             return 1;
465                     }
466
467                     initrd_addr_str = env_get("ramdisk_addr_r");
CID 131256: Security best practices violations (STRING_OVERFLOW)
You might overrun the 10-character fixed-size string "initrd_filesize" by copying the return value of "simple_xtoa" without checking the length.
468                     strcpy(initrd_filesize, simple_xtoa(size));
469
470                     strncpy(initrd_str, initrd_addr_str, 18);
471                     strcat(initrd_str, ":");
472                     strncat(initrd_str, initrd_filesize, 9);
473             }
----- End forwarded message -----
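
An added example, not part of the original mail or of U-Boot's code: it measures how many bytes the flagged strcpy() would write into the 10-byte initrd_filesize for a given size, next to a bounded form that reports truncation instead. It assumes size is an unsigned long; xtoa_standin() is a hypothetical stand-in for simple_xtoa() (assumed to return bare hex digits), and format_filesize() is a hypothetical helper.

```c
#include <stdio.h>
#include <string.h>

#define FILESIZE_BUF 10 /* destination size, per the Coverity report */

/* Stand-in for simple_xtoa() (assumption): bare hex digits, no "0x" prefix. */
static const char *xtoa_standin(unsigned long num)
{
	static char buf[2 * sizeof(unsigned long) + 1];

	snprintf(buf, sizeof(buf), "%lx", num);
	return buf;
}

/* Bytes an unchecked strcpy() would write for this value, NUL included. */
size_t bytes_needed(unsigned long size)
{
	return strlen(xtoa_standin(size)) + 1;
}

/* Does the flagged strcpy() stay inside a FILESIZE_BUF-byte destination? */
int strcpy_fits(unsigned long size)
{
	return bytes_needed(size) <= FILESIZE_BUF;
}

/* Bounded form: 0 on success, -1 when the digits do not fit in dst. */
int format_filesize(char *dst, size_t dst_len, unsigned long size)
{
	int n = snprintf(dst, dst_len, "%lx", size);

	return (n < 0 || (size_t)n >= dst_len) ? -1 : 0;
}

int main(void)
{
	unsigned long samples[] = { 0x1000UL, 0xffffffffUL, ~0UL }; /* constructed */
	char initrd_filesize[FILESIZE_BUF];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int rc = format_filesize(initrd_filesize, sizeof(initrd_filesize), samples[i]);

		printf("%#lx: needs %zu bytes, strcpy fits: %d, bounded rc: %d\n",
		       samples[i], bytes_needed(samples[i]), strcpy_fits(samples[i]), rc);
	}
	return 0;
}
```

In this example a 32-bit unsigned long tops out at 8 hex digits plus the NUL and always fits; with a 64-bit unsigned long any value needing more than 9 hex digits is past the end of the buffer.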