[PATCH] staging: most: protect potential string overflow
There maybe cause potential string overflow issue due to use strcpy without checking the length Detected By CoversityScan CID# 1444760 Fixes: 131ac62253dba:(staging: most: core: use device description as name) Signed-off-by: Bo YU --- drivers/staging/most/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/most/core.c b/drivers/staging/most/core.c index 956daf8c3bd2..0f26cebac91a 100644 --- a/drivers/staging/most/core.c +++ b/drivers/staging/most/core.c @@ -1431,7 +1431,7 @@ int most_register_interface(struct most_interface *iface) INIT_LIST_HEAD(&iface->p->channel_list); iface->p->dev_id = id; - strcpy(iface->p->name, iface->description); + strlcpy(iface->p->name, iface->description, sizeof(iface->p->name)); iface->dev.init_name = iface->p->name; iface->dev.bus = &mc.bus; iface->dev.parent = &mc.dev; -- 2.11.0 ___ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
Re: [PATCH] staging: most: protect potential string overflow
On Mon, Apr 22, 2019 at 10:20:18PM -0400, Bo YU wrote: > There maybe cause potential string overflow issue due to use > strcpy without checking the length > > Detected By CoversityScan CID# 1444760 > > Fixes: 131ac62253dba:(staging: most: core: use device description as name) It doesn't really fix anything, it just silences a static checker warning. > Signed-off-by: Bo YU > --- > drivers/staging/most/core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/most/core.c b/drivers/staging/most/core.c > index 956daf8c3bd2..0f26cebac91a 100644 > --- a/drivers/staging/most/core.c > +++ b/drivers/staging/most/core.c > @@ -1431,7 +1431,7 @@ int most_register_interface(struct most_interface > *iface) > > INIT_LIST_HEAD(&iface->p->channel_list); > iface->p->dev_id = id; > - strcpy(iface->p->name, iface->description); > + strlcpy(iface->p->name, iface->description, sizeof(iface->p->name)); We prefer strscpy() more than strlcpy() these days. regards, dan carpenter ___ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
Re: [PATCH] staging: most: protect potential string overflow
On Wed, Apr 24, 2019 at 10:55 PM Dan Carpenter wrote: > > On Mon, Apr 22, 2019 at 10:20:18PM -0400, Bo YU wrote: > > There maybe cause potential string overflow issue due to use > > strcpy without checking the length > > > > Detected By CoversityScan CID# 1444760 > > > > Fixes: 131ac62253dba:(staging: most: core: use device description as name) > > It doesn't really fix anything, it just silences a static checker > warning. > > > Signed-off-by: Bo YU > > --- > > drivers/staging/most/core.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/staging/most/core.c b/drivers/staging/most/core.c > > index 956daf8c3bd2..0f26cebac91a 100644 > > --- a/drivers/staging/most/core.c > > +++ b/drivers/staging/most/core.c > > @@ -1431,7 +1431,7 @@ int most_register_interface(struct most_interface > > *iface) > > > > INIT_LIST_HEAD(&iface->p->channel_list); > > iface->p->dev_id = id; > > - strcpy(iface->p->name, iface->description); > > + strlcpy(iface->p->name, iface->description, sizeof(iface->p->name)); > > We prefer strscpy() more than strlcpy() these days. Ok,will try it. Thanks, > > regards, > dan carpenter > ___ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
