The use of strcpy() to remove characters at the start of a string is safe
in U-Boot, since we know the implementation. But in os.c we are using the
C library's strcpy() function, where this behaviour is not permitted.
Update the code to use memcpy() instead.
Reported-by: Coverity (CID: 173279)
Signed-off-by: Simon Glass <s...@chromium.org>
---
arch/sandbox/cpu/os.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c
index 5839932b00..496a8f9bd8 100644
--- a/arch/sandbox/cpu/os.c
+++ b/arch/sandbox/cpu/os.c
@@ -587,7 +587,8 @@ int os_find_u_boot(char *fname, int maxlen)
/* Look for 'u-boot' in the parent directory of spl/ */
p = strstr(fname, "/spl/");
if (p) {
- strcpy(p, p + 4);
+ /* Remove the "/spl" characters */
+ memmove(p, p + 4, strlen(p + 4) + 1);
fd = os_open(fname, O_RDONLY);
if (fd >= 0) {
close(fd);
--
2.18.0.rc1.242.g61856ae69a-goog
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
