Thanks, I'll fix this. I'll try strlcpy() in case it's widely available enough. Otherwise I'll just add the ending \0 manually.
Brice

On 17/07/2015 12:56, Odzioba, Lukasz wrote:
> Hi,
> Static analysis detected inappropriate use of strcpy function[1] in
> topology-linux.c.
> There are more places like this, but here data comes from dev configuration
> file and I think we should fix it in the first place.
>
> Below is the patch which fixes those which concern me.
> Unfortunately strncpy does not guarantee that string will be NULL terminated
> which may cause other problems.
> I am leaving it up to you whether you want to address that or not.
>
> Thanks,
> Lukas
>
> [1]: http://cwe.mitre.org/data/definitions/676.html
>
> diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c > index 82423ff..0512bac 100644 > --- a/hwloc/topology-linux.c > +++ b/hwloc/topology-linux.c > @@ -4347,15 +4347,15 @@ hwloc_linux_block_class_fillinfos(struct > hwloc_backend *backend, > if (tmp) > *tmp = '\0'; > if (!strncmp(line, "E:ID_VENDOR=", strlen("E:ID_VENDOR="))) { > - strcpy(vendor, line+strlen("E:ID_VENDOR=")); > + strncpy(vendor, line+strlen("E:ID_VENDOR="), sizeof(vendor)); > } else if (!strncmp(line, "E:ID_MODEL=", strlen("E:ID_MODEL="))) { > - strcpy(model, line+strlen("E:ID_MODEL=")); > + strncpy(model, line+strlen("E:ID_MODEL="), sizeof(model)); > } else if (!strncmp(line, "E:ID_REVISION=", strlen("E:ID_REVISION="))) { > - strcpy(revision, line+strlen("E:ID_REVISION=")); > + strncpy(revision, line+strlen("E:ID_REVISION="), sizeof(revision)); > } else if (!strncmp(line, "E:ID_SERIAL_SHORT=", > strlen("E:ID_SERIAL_SHORT="))) { > - strcpy(serial, line+strlen("E:ID_SERIAL_SHORT=")); > + strncpy(serial, line+strlen("E:ID_SERIAL_SHORT="), sizeof(serial)); > } else if (!strncmp(line, "E:ID_TYPE=", strlen("E:ID_TYPE="))) { > - strcpy(blocktype, line+strlen("E:ID_TYPE=")); > + strncpy(blocktype, line+strlen("E:ID_TYPE="), sizeof(blocktype)); > } > } > fclose(fd);
> @@ -4493,7 +4493,7 @@ hwloc_linux_lookup_block_class(struct hwloc_backend > *backend, > int dummy; > int res = 0; > > - strcpy(path, pcidevpath); > + strncpy(path, pcidevpath, sizeof(path)); > pathlen = strlen(path);
> _______________________________________________
> hwloc-devel mailing list
> hwloc-de...@open-mpi.org
> Subscription: http://www.open-mpi.org/mailman/listinfo.cgi/hwloc-devel
> Link to this post:
> http://www.open-mpi.org/community/lists/hwloc-devel/2015/07/4494.php
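
Review bot: In the hwloc_linux_block_class_fillinfos hunk, each of the five strncpy() calls passes the full sizeof() of the destination as the bound, so a udev value that is that long or longer fills vendor, model, revision, serial or blocktype with no terminating NUL. Bound the copy at sizeof(x)-1 and set the last byte to '\0' after each call, or use snprintf(x, sizeof(x), "%s", ...), which always terminates. The declarations of these buffers are not visible in the hunk; sizeof() is only the right bound if they are arrays in this scope rather than pointers, which is worth confirming.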
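
Review bot: In the hwloc_linux_lookup_block_class hunk, strncpy(path, pcidevpath, sizeof(path)) is followed immediately by pathlen = strlen(path), so if pcidevpath is at least sizeof(path) bytes long the buffer is left unterminated and strlen() reads past its end. Since a silently truncated path would name a different file, consider checking strlen(pcidevpath) against sizeof(path) first and returning early when it does not fit, instead of copying a prefix.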
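
The termination problem raised in this thread, as an added C example that is not part of the original messages or of hwloc: it shows `strncpy()` with a bound of `sizeof(dst)` leaving the buffer unterminated, next to a copy that always terminates and reports truncation. The names `copy_udev_value`, `is_terminated` and `strncpy_leaves_unterminated`, the 8-byte buffer and the udev line are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not hwloc code): if `line` starts with `key`, copy the
 * value that follows into dst, always NUL-terminated within dstsize bytes.
 * Returns -1 when the key does not match, 0 on a full copy, 1 if truncated. */
static int copy_udev_value(char *dst, size_t dstsize,
                           const char *line, const char *key)
{
    size_t keylen = strlen(key);
    size_t vallen, n;

    if (dstsize == 0 || strncmp(line, key, keylen) != 0)
        return -1;
    vallen = strlen(line + keylen);
    n = vallen < dstsize - 1 ? vallen : dstsize - 1;
    memcpy(dst, line + keylen, n);
    dst[n] = '\0';                 /* terminator is written unconditionally */
    return vallen > n;             /* 1 tells the caller data was cut off */
}

/* Returns 1 if a NUL byte exists inside the first `size` bytes of buf. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Reproduces the patched call shape on a constructed line whose value is
 * longer than the buffer. Returns 1 when strncpy left no terminator. */
static int strncpy_leaves_unterminated(void)
{
    char vendor[8];
    const char *line = "E:ID_VENDOR=ExampleVendorName"; /* constructed */

    memset(vendor, 'X', sizeof(vendor));
    strncpy(vendor, line + strlen("E:ID_VENDOR="), sizeof(vendor));
    return !is_terminated(vendor, sizeof(vendor));
}

int main(void)
{
    char vendor[8];
    int rc = copy_udev_value(vendor, sizeof(vendor),
                             "E:ID_VENDOR=ExampleVendorName", "E:ID_VENDOR=");

    printf("strncpy unterminated: %d\n", strncpy_leaves_unterminated());
    printf("bounded copy rc=%d value=\"%s\"\n", rc, vendor);
    return 0;
}
```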