* [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() @ 2016-10-26 19:19 Simon Glass 2016-10-26 19:19 ` [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() Simon Glass 2016-10-26 21:49 ` [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Tom Rini 0 siblings, 2 replies; 5+ messages in thread From: Simon Glass @ 2016-10-26 19:19 UTC (permalink / raw) To: u-boot The allocated memory should be freed. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 150963) --- tools/mkimage.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/mkimage.c b/tools/mkimage.c index 3c594a0..521fa80 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -64,6 +64,7 @@ static int show_valid_options(enum ih_category category) genimg_get_cat_name(category, item)); } fprintf(stderr, "\n"); + free(order); return 0; } -- 2.8.0.rc3.226.g39d4020 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() 2016-10-26 19:19 [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Simon Glass @ 2016-10-26 19:19 ` Simon Glass 2016-10-26 21:49 ` Tom Rini 2016-10-26 21:49 ` [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Tom Rini 1 sibling, 1 reply; 5+ messages in thread From: Simon Glass @ 2016-10-26 19:19 UTC (permalink / raw) To: u-boot Coverity complains that this can overflow. If we later increase the size of one of the strings in the table, it could happen. Adjust the code to protect against this. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 150964) --- common/image.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/image.c b/common/image.c index 0e86c13..dfd1779 100644 --- a/common/image.c +++ b/common/image.c @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id) } return NULL; } +#include <linux/string.h> static const char *unknown_msg(enum ih_category category) { static char msg[30]; strcpy(msg, "Unknown "); - strcat(msg, table_info[category].desc); + strncat(msg, table_info[category].desc, sizeof(msg) - 1); return msg; } -- 2.8.0.rc3.226.g39d4020 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() 2016-10-26 19:19 ` [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() Simon Glass @ 2016-10-26 21:49 ` Tom Rini 2016-10-28 1:51 ` Simon Glass 0 siblings, 1 reply; 5+ messages in thread From: Tom Rini @ 2016-10-26 21:49 UTC (permalink / raw) To: u-boot On Wed, Oct 26, 2016 at 01:19:12PM -0600, Simon Glass wrote: > Coverity complains that this can overflow. If we later increase the size > of one of the strings in the table, it could happen. > > Adjust the code to protect against this. > > Signed-off-by: Simon Glass <sjg@chromium.org> > Reported-by: Coverity (CID: 150964) > --- > > common/image.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/common/image.c b/common/image.c > index 0e86c13..dfd1779 100644 > --- a/common/image.c > +++ b/common/image.c > @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id) > } > return NULL; > } > +#include <linux/string.h> > > static const char *unknown_msg(enum ih_category category) > { > static char msg[30]; > > strcpy(msg, "Unknown "); > - strcat(msg, table_info[category].desc); > + strncat(msg, table_info[category].desc, sizeof(msg) - 1); > > return msg; > } We should add the include up top with the others :) -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161026/2c31de01/attachment.sig> ^ permalink raw reply [flat|nested] 5+ messages in thread
* [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() 2016-10-26 21:49 ` Tom Rini @ 2016-10-28 1:51 ` Simon Glass 0 siblings, 0 replies; 5+ messages in thread From: Simon Glass @ 2016-10-28 1:51 UTC (permalink / raw) To: u-boot Hi Tom, On 26 October 2016 at 14:49, Tom Rini <trini@konsulko.com> wrote: > On Wed, Oct 26, 2016 at 01:19:12PM -0600, Simon Glass wrote: >> Coverity complains that this can overflow. If we later increase the size >> of one of the strings in the table, it could happen. >> >> Adjust the code to protect against this. >> >> Signed-off-by: Simon Glass <sjg@chromium.org> >> Reported-by: Coverity (CID: 150964) >> --- >> >> common/image.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/common/image.c b/common/image.c >> index 0e86c13..dfd1779 100644 >> --- a/common/image.c >> +++ b/common/image.c >> @@ -584,13 +584,14 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id) >> } >> return NULL; >> } >> +#include <linux/string.h> >> >> static const char *unknown_msg(enum ih_category category) >> { >> static char msg[30]; >> >> strcpy(msg, "Unknown "); >> - strcat(msg, table_info[category].desc); >> + strncat(msg, table_info[category].desc, sizeof(msg) - 1); >> >> return msg; >> } > > We should add the include up top with the others :) Ooops I left that in. It is not needed. Regards, Simon ^ permalink raw reply [flat|nested] 5+ messages in thread
* [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() 2016-10-26 19:19 [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Simon Glass 2016-10-26 19:19 ` [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() Simon Glass @ 2016-10-26 21:49 ` Tom Rini 1 sibling, 0 replies; 5+ messages in thread From: Tom Rini @ 2016-10-26 21:49 UTC (permalink / raw) To: u-boot On Wed, Oct 26, 2016 at 01:19:11PM -0600, Simon Glass wrote: > The allocated memory should be freed. Fix it. > > Signed-off-by: Simon Glass <sjg@chromium.org> > Reported-by: Coverity (CID: 150963) Reviewed-by: Tom Rini <trini@konsulko.com> -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161026/a3a010bb/attachment.sig> ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-10-28 1:51 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-10-26 19:19 [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Simon Glass 2016-10-26 19:19 ` [U-Boot] [PATCH 2/2] image: Protect against overflow in unknown_msg() Simon Glass 2016-10-26 21:49 ` Tom Rini 2016-10-28 1:51 ` Simon Glass 2016-10-26 21:49 ` [U-Boot] [PATCH 1/2] mkimage: Fix missing free() in show_valid_options() Tom Rini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox