* [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options()
@ 2016-10-26 19:19 Simon Glass
2016-10-26 19:19 ` [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() Simon Glass
2016-10-26 21:49 ` [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Tom Rini
0 siblings, 2 replies; 5+ messages in thread
From: Simon Glass @ 2016-10-26 19:19 UTC (permalink / raw)
To: u-boot
The allocated memory should be freed. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150963)
---
tools/mkimage.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mkimage.c b/tools/mkimage.c
index 3c594a0..521fa80 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -64,6 +64,7 @@ static int show_valid_options(enum ih_category category)
genimg_get_cat_name(category, item));
}
fprintf(stderr, "\n");
+ free(order);
return 0;
}
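Review bot: the added `free(order);` covers only the final `return 0;` path, and the hunk does not show where `order` is allocated or whether the function has an earlier return between that allocation and this line. Worth confirming no other exit still leaks it, and the commit message could name the allocation this pairs with so the fix is easier to check against the Coverity report.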
--
2.8.0.rc3.226.g39d4020
* [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg()
From: Simon Glass @ 2016-10-26 19:19 UTC (permalink / raw)
To: u-boot
Coverity complains that this can overflow. If we later increase the size
of one of the strings in the table, it could happen.
Adjust the code to protect against this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150964)
---
common/image.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/common/image.c b/common/image.c
index 0e86c13..dfd1779 100644
--- a/common/image.c
+++ b/common/image.c
@@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
}
return NULL;
}
+#include <linux/string.h>
static const char *unknown_msg(enum ih_category category)
{
static char msg[30];
strcpy(msg, "Unknown ");
- strcat(msg, table_info[category].desc);
+ strncat(msg, table_info[category].desc, sizeof(msg) - 1);
return msg;
}
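Review bot: the bound passed to `strncat()` on the `+` line does not give the protection the commit message describes. The third argument of `strncat()` is the maximum number of characters to append from the source, not the size of the destination, and a terminating NUL is written after them. `msg` already holds the 8 characters of "Unknown ", so `sizeof(msg) - 1` (29) still permits 8 + 29 + 1 = 38 bytes in a 30-byte buffer. The limit should be the space that remains, `sizeof(msg) - strlen(msg) - 1`.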
--
2.8.0.rc3.226.g39d4020
* [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg()
From: Tom Rini @ 2016-10-26 21:49 UTC (permalink / raw)
To: u-boot
On Wed, Oct 26, 2016 at 01:19:12PM -0600, Simon Glass wrote:
> Coverity complains that this can overflow. If we later increase the size
> of one of the strings in the table, it could happen.
>
> Adjust the code to protect against this.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Coverity (CID: 150964)
> ---
>
> common/image.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/common/image.c b/common/image.c
> index 0e86c13..dfd1779 100644
> --- a/common/image.c
> +++ b/common/image.c
> @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
> }
> return NULL;
> }
> +#include <linux/string.h>
>
> static const char *unknown_msg(enum ih_category category)
> {
> static char msg[30];
>
> strcpy(msg, "Unknown ");
> - strcat(msg, table_info[category].desc);
> + strncat(msg, table_info[category].desc, sizeof(msg) - 1);
>
> return msg;
> }
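Review bot: in `unknown_msg()`, the `strcpy()` plus `strncat()` pair builds the string in two steps against a hard-coded `msg[30]`, so any length limit has to account for the prefix already written. A single `snprintf(msg, sizeof(msg), "Unknown %s", table_info[category].desc);` bounds the whole result by the real buffer size and always terminates it, with no separate arithmetic to keep in sync.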
We should add the include up top with the others :)
--
Tom
* [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options()
From: Tom Rini @ 2016-10-26 21:49 UTC (permalink / raw)
To: u-boot
On Wed, Oct 26, 2016 at 01:19:11PM -0600, Simon Glass wrote:
> The allocated memory should be freed. Fix it.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Coverity (CID: 150963)
Reviewed-by: Tom Rini <trini@konsulko.com>
--
Tom
* [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg()
From: Simon Glass @ 2016-10-28 1:51 UTC (permalink / raw)
To: u-boot
Hi Tom,
On 26 October 2016 at 14:49, Tom Rini <trini@konsulko.com> wrote:
> On Wed, Oct 26, 2016 at 01:19:12PM -0600, Simon Glass wrote:
>> Coverity complains that this can overflow. If we later increase the size
>> of one of the strings in the table, it could happen.
>>
>> Adjust the code to protect against this.
>>
>> Signed-off-by: Simon Glass <sjg@chromium.org>
>> Reported-by: Coverity (CID: 150964)
>> ---
>>
>> common/image.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/common/image.c b/common/image.c
>> index 0e86c13..dfd1779 100644
>> --- a/common/image.c
>> +++ b/common/image.c
>> @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
>> }
>> return NULL;
>> }
>> +#include <linux/string.h>
>>
>> static const char *unknown_msg(enum ih_category category)
>> {
>> static char msg[30];
>>
>> strcpy(msg, "Unknown ");
>> - strcat(msg, table_info[category].desc);
>> + strncat(msg, table_info[category].desc, sizeof(msg) - 1);
>>
>> return msg;
>> }
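Review bot: `table_info[category].desc` in `unknown_msg()` indexes the table with `category` directly, and nothing in the function as shown checks that the value lies within the table. If callers do not already guarantee that, a range check before the lookup belongs in the same hardening change.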
>
> We should add the include up top with the others :)
Oops, I left that in. It is not needed.
Regards,
Simon