| Message ID | 20170515100135.guvreypnckqolnrq@mwanda (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Am 15.05.2017 12:01, schrieb Dan Carpenter: > We're putting the NUL terminators one space beyond where they belong. > This doesn't show up in testing because all but the callers put a NUL in > the correct place themselves. LOL. It causes a static checker warning > about buffer overflows. > > Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h > index 74b5a1c7ac9a..c53241a7a281 100644 > --- a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h > +++ b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h > @@ -117,7 +117,7 @@ STORAGE_CLASS_INLINE int strncpy_s( > > /* dest_str is big enough for the len */ > strncpy(dest_str, src_str, len); > - dest_str[len+1] = '\0'; > + dest_str[len] = '\0'; > return 0; > } > > @@ -157,7 +157,7 @@ STORAGE_CLASS_INLINE int strcpy_s( > > /* dest_str is big enough for the len */ > strncpy(dest_str, src_str, len); > - dest_str[len+1] = '\0'; > + dest_str[len] = '\0'; > return 0; > } > can this strcpy_s() replaced with strlcpy ? re, wh > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
On Mon, May 15, 2017 at 12:21:45PM +0200, walter harms wrote: > can this strcpy_s() replaced with strlcpy ? > These functions obviously should be removed, yes. Please send a patch for that and we can drop my patches. Give David reported-by credit. regards, dan carpenter
diff --git a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h index 74b5a1c7ac9a..c53241a7a281 100644 --- a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h +++ b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h @@ -117,7 +117,7 @@ STORAGE_CLASS_INLINE int strncpy_s( /* dest_str is big enough for the len */ strncpy(dest_str, src_str, len); - dest_str[len+1] = '\0'; + dest_str[len] = '\0'; return 0; } @@ -157,7 +157,7 @@ STORAGE_CLASS_INLINE int strcpy_s( /* dest_str is big enough for the len */ strncpy(dest_str, src_str, len); - dest_str[len+1] = '\0'; + dest_str[len] = '\0'; return 0; }
We're putting the NUL terminators one space beyond where they belong. This doesn't show up in testing because all but the callers put a NUL in the correct place themselves. LOL. It causes a static checker warning about buffer overflows. Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>