From: Kent Gibson <warthog618@gmail.com>
To: Iker Pedrosa <ikerpedrosam@gmail.com>
Cc: brgl@bgdev.pl, ipedrosa@redhat.com, javierm@redhat.com,
perobins@redhat.com, linux-gpio@vger.kernel.org
Subject: Re: [libgpiod][PATCH 2/4] lib: line-info strings termination
Date: Wed, 17 Jul 2024 23:11:33 +0800 [thread overview]
Message-ID: <20240717151133.GA119430@rigel> (raw)
In-Reply-To: <d86be0c6c536429f515be080ea43cc7180396476.1721039339.git.ikerpedrosam@gmail.com>
On Wed, Jul 17, 2024 at 01:36:42PM +0200, Iker Pedrosa wrote:
> strncpy() truncates the destination buffer if it isn't large enough to
> hold the copy. Thus, let's terminate the strings with a NULL character
> at the end.
>
> Signed-off-by: Iker Pedrosa <ikerpedrosam@gmail.com>
> ---
> lib/line-info.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/lib/line-info.c b/lib/line-info.c
> index 9f53b04..2ded9ea 100644
> --- a/lib/line-info.c
> +++ b/lib/line-info.c
> @@ -148,10 +148,12 @@ gpiod_line_info_from_uapi(struct gpio_v2_line_info *uapi_info)
> memset(info, 0, sizeof(*info));
>
> info->offset = uapi_info->offset;
> - strncpy(info->name, uapi_info->name, GPIO_MAX_NAME_SIZE);
> + strncpy(info->name, uapi_info->name, GPIO_MAX_NAME_SIZE - 1);
> + info->name[GPIO_MAX_NAME_SIZE - 1] = '\0';
>
Given that uapi_info->name is not NULL terminated, this change can
incorrectly discard one character. The correct solution is to increase
the size of info->name to allow for the NULL terminator, which would
automatically be initialised by the memset.
> info->used = !!(uapi_info->flags & GPIO_V2_LINE_FLAG_USED);
> - strncpy(info->consumer, uapi_info->consumer, GPIO_MAX_NAME_SIZE);
> + strncpy(info->consumer, uapi_info->consumer, GPIO_MAX_NAME_SIZE - 1);
> + info->consumer[GPIO_MAX_NAME_SIZE - 1] = '\0';
>
Same here.
And same in patch 3.
Patches 1 and 4 look ok to me.
Cheers,
Kent.
> if (uapi_info->flags & GPIO_V2_LINE_FLAG_OUTPUT)
> info->direction = GPIOD_LINE_DIRECTION_OUTPUT;
> --
> 2.45.2
>
next prev parent reply other threads:[~2024-07-17 15:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 11:36 [libgpiod][PATCH 0/4] Fix issues detected by static analyzer Iker Pedrosa
2024-07-17 11:36 ` [libgpiod][PATCH 1/4] bindings: python: gpiod: avoid use after free Iker Pedrosa
2024-07-17 11:36 ` [libgpiod][PATCH 2/4] lib: line-info strings termination Iker Pedrosa
2024-07-17 15:11 ` Kent Gibson [this message]
2024-07-17 11:36 ` [libgpiod][PATCH 3/4] lib: chip-info " Iker Pedrosa
2024-07-17 11:36 ` [libgpiod][PATCH 4/4] tools: free to avoid leak Iker Pedrosa
2024-07-19 9:33 ` [libgpiod][PATCH 0/4] Fix issues detected by static analyzer Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240717151133.GA119430@rigel \
--to=warthog618@gmail.com \
--cc=brgl@bgdev.pl \
--cc=ikerpedrosam@gmail.com \
--cc=ipedrosa@redhat.com \
--cc=javierm@redhat.com \
--cc=linux-gpio@vger.kernel.org \
--cc=perobins@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).