From: Ameya Palande <ameya.palande@nokia.com>
To: "ext Guzman Lugo, Fernando" <x0095840@ti.com>
Cc: "linux-omap@vger.kernel.org" <linux-omap@vger.kernel.org>,
"Kanigeri, Hari" <h-kanigeri2@ti.com>
Subject: Re: FW: [PATCH] DSPBRIDGE: Buffer size warning fixes
Date: Fri, 05 Jun 2009 15:35:51 +0300 [thread overview]
Message-ID: <4A291127.3000508@nokia.com> (raw)
In-Reply-To: <496565EC904933469F292DDA3F1663E602931073CA@dlee06.ent.ti.com>
Hi Fernando,
Thanks for your comments!
Sorry for my delayed reply.
I have modified the patch and will send it as reply to the original posting.
Cheers,
Ameya.
ext Guzman Lugo, Fernando wrote:
> Looping in linux-omap.
>
> -----Original Message-----
> From: Guzman Lugo, Fernando
> Sent: Thursday, May 21, 2009 12:14 PM
> To: 'Ameya Palande'
> Cc: Kanigeri, Hari
> Subject: RE: [PATCH] DSPBRIDGE: Buffer size warning fixes
>
>
> Hi Ameya,
>
> What is the problem that this patch resolves, I think you want to left the last byte of the string for the end of string character '\0', so avoid when we strncpy generates a not null-terminated string when the src string has a length >= COD_MAXPATHLENGTH. However the patch doesn’t fix this problem unless when we declared an array it is zero-initialized but I don’t think so.
>
> Example without this patch
>
> COD_MAXPATHLENGTH limit
> ↓
> Src string .....abcdefghijklmnop qst...
> Dst String .....abcdefghijklmnop <- not null-terminated esting
>
> Example with this patch
> COD_MAXPATHLENGTH limit
> ↓
> Src string .....abcdefghijklmnop qst...
> Dst String .....abcdefghijklmno <- Also not null-terminated string
> ↑
> We copy COD_MAXPATHLENGTH - 1
> The last character of the array
> wouldn’t be ‘\0’
> It would be garbage
>
> Maybe to resolve that problem we could do:
> } else {
>
> /* hang onto the library for subsequent sym table usage */
> hMgr->baseLib = lib;
> strncpy(hMgr->szZLFile, pszCoffPath, COD_MAXPATHLENGTH);
> if (strlen(pszCoffPath) >= COD_MAXPATHLENGTH)
> hMgr->szZLFile[COD_MAXPATHLENGTH -1] = ‘\0’;
>
> }
>
> Please let me know what you think or if this patch resolve something else.
>
> Regards,
> Fernando.
>
> -----Original Message-----
> From: linux-omap-owner@vger.kernel.org [mailto:linux-omap-owner@vger.kernel.org] On Behalf Of Ameya Palande
> Sent: Tuesday, May 19, 2009 5:49 AM
> To: linux-omap@vger.kernel.org
> Subject: [PATCH] DSPBRIDGE: Buffer size warning fixes
>
> From: Ameya Palande <ameya.palande@nokia.com>
>
> Signed-off-by: Ameya Palande <ameya.palande@nokia.com>
> ---
> drivers/dsp/bridge/pmgr/cod.c | 2 +-
> drivers/dsp/bridge/rmgr/drv.c | 2 +-
> drivers/dsp/bridge/services/regsup.c | 4 ++--
> 3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/dsp/bridge/pmgr/cod.c b/drivers/dsp/bridge/pmgr/cod.c
> index 6363f1e..5094201 100644
> --- a/drivers/dsp/bridge/pmgr/cod.c
> +++ b/drivers/dsp/bridge/pmgr/cod.c
> @@ -628,7 +628,7 @@ DSP_STATUS COD_OpenBase(struct COD_MANAGER *hMgr, IN char *pszCoffPath,
> } else {
> /* hang onto the library for subsequent sym table usage */
> hMgr->baseLib = lib;
> - strncpy(hMgr->szZLFile, pszCoffPath, COD_MAXPATHLENGTH);
> + strncpy(hMgr->szZLFile, pszCoffPath, COD_MAXPATHLENGTH - 1);
> }
>
> return status;
> diff --git a/drivers/dsp/bridge/rmgr/drv.c b/drivers/dsp/bridge/rmgr/drv.c
> index 256ce12..60ca054 100644
> --- a/drivers/dsp/bridge/rmgr/drv.c
> +++ b/drivers/dsp/bridge/rmgr/drv.c
> @@ -1510,7 +1510,7 @@ DSP_STATUS DRV_RequestResources(u32 dwContext, u32 *pDevNodeString)
> if (pszdevNode) {
> LST_InitElem(&pszdevNode->link);
> strncpy((char *) pszdevNode->szString,
> - (char *)dwContext, MAXREGPATHLENGTH);
> + (char *)dwContext, MAXREGPATHLENGTH - 1);
> /* Update the Driver Object List */
> *pDevNodeString = (u32)pszdevNode->szString;
> LST_PutTail(pDRVObject->devNodeString,
> diff --git a/drivers/dsp/bridge/services/regsup.c b/drivers/dsp/bridge/services/regsup.c
> index 5251b68..b0c6e00 100644
> --- a/drivers/dsp/bridge/services/regsup.c
> +++ b/drivers/dsp/bridge/services/regsup.c
> @@ -238,8 +238,8 @@ DSP_STATUS regsupSetValue(char *valName, void *pBuf, u32 dataSize)
> /* No match, need to make a new entry */
> /* First check to see if we can make any more entries. */
> if (pRegKey->numValueEntries < BRIDGE_MAX_NUM_REG_ENTRIES) {
> - strncpy(pRegKey->values[pRegKey->numValueEntries].name,
> - valName, BRIDGE_MAX_NAME_SIZE);
> + strncpy(pRegKey->values[pRegKey->numValueEntries].name,
> + valName, BRIDGE_MAX_NAME_SIZE - 1);
> pRegKey->values[pRegKey->numValueEntries].pData =
> MEM_Alloc(dataSize, MEM_NONPAGED);
> if (pRegKey->values[pRegKey->numValueEntries].pData !=
prev parent reply other threads:[~2009-06-05 12:35 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-21 17:17 FW: [PATCH] DSPBRIDGE: Buffer size warning fixes Guzman Lugo, Fernando
2009-06-05 12:35 ` Ameya Palande [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A291127.3000508@nokia.com \
--to=ameya.palande@nokia.com \
--cc=h-kanigeri2@ti.com \
--cc=linux-omap@vger.kernel.org \
--cc=x0095840@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox