diff mbox

[2/2] staging/atomisp: putting NULs in the wrong place

Message ID 20170515100135.guvreypnckqolnrq@mwanda (mailing list archive)
State New, archived
Headers show

Commit Message

Dan Carpenter May 15, 2017, 10:01 a.m. UTC
We're putting the NUL terminators one space beyond where they belong.
This doesn't show up in testing because all but the callers put a NUL in
the correct place themselves.  LOL.  It causes a static checker warning
about buffer overflows.

Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Walter Harms May 15, 2017, 10:21 a.m. UTC | #1
Am 15.05.2017 12:01, schrieb Dan Carpenter:
> We're putting the NUL terminators one space beyond where they belong.
> This doesn't show up in testing because all but the callers put a NUL in
> the correct place themselves.  LOL.  It causes a static checker warning
> about buffer overflows.
> 
> Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h
> index 74b5a1c7ac9a..c53241a7a281 100644
> --- a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h
> +++ b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h
> @@ -117,7 +117,7 @@ STORAGE_CLASS_INLINE int strncpy_s(
>  
>  	/* dest_str is big enough for the len */
>  	strncpy(dest_str, src_str, len);
> -	dest_str[len+1] = '\0';
> +	dest_str[len] = '\0';
>  	return 0;
>  }
>  
> @@ -157,7 +157,7 @@ STORAGE_CLASS_INLINE int strcpy_s(
>  
>  	/* dest_str is big enough for the len */
>  	strncpy(dest_str, src_str, len);
> -	dest_str[len+1] = '\0';
> +	dest_str[len] = '\0';
>  	return 0;
>  }
>  

can this strcpy_s() replaced with strlcpy ?

re,
 wh


> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
Dan Carpenter May 15, 2017, 10:27 a.m. UTC | #2
On Mon, May 15, 2017 at 12:21:45PM +0200, walter harms wrote:
> can this strcpy_s() replaced with strlcpy ?
> 

These functions obviously should be removed, yes.  Please send a patch
for that and we can drop my patches.  Give David reported-by credit.

regards,
dan carpenter
diff mbox

Patch

diff --git a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h
index 74b5a1c7ac9a..c53241a7a281 100644
--- a/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h
+++ b/drivers/staging/media/atomisp/pci/atomisp2/css2400/hive_isp_css_include/string_support.h
@@ -117,7 +117,7 @@  STORAGE_CLASS_INLINE int strncpy_s(
 
 	/* dest_str is big enough for the len */
 	strncpy(dest_str, src_str, len);
-	dest_str[len+1] = '\0';
+	dest_str[len] = '\0';
 	return 0;
 }
 
@@ -157,7 +157,7 @@  STORAGE_CLASS_INLINE int strcpy_s(
 
 	/* dest_str is big enough for the len */
 	strncpy(dest_str, src_str, len);
-	dest_str[len+1] = '\0';
+	dest_str[len] = '\0';
 	return 0;
 }