[U-Boot] [PATCH v4 2/2] image: Protect against overflow in unknown_msg()

[U-Boot] [PATCH v4 2/2] image: Protect against overflow in unknown_msg()

[Simon Glass]

Coverity complains that this can overflow. If we later increase the size
of one of the strings in the table, it could happen.

Adjust the code to protect against this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150964)
---

Changes in v4:
- Add missing [] (tested)

Changes in v3:
- Adjust to deal with what strncpy() actually does (I think)

Changes in v2:
- Drop unwanted #include

 common/image.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/common/image.c b/common/image.c
index 0e86c13..7604494 100644
--- a/common/image.c
+++ b/common/image.c
@@ -587,10 +587,12 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
 
 static const char *unknown_msg(enum ih_category category)
 {
+	static const char unknown_str[] = "Unknown ";
 	static char msg[30];
 
-	strcpy(msg, "Unknown ");
-	strcat(msg, table_info[category].desc);
+	strcpy(msg, unknown_str);
+	strncat(msg, table_info[category].desc,
+		sizeof(msg) - sizeof(unknown_str));
 
 	return msg;
 }
-- 
2.8.0.rc3.226.g39d4020

[U-Boot] [U-Boot, v4, 2/2] image: Protect against overflow in unknown_msg()

[Tom Rini]

On Mon, Oct 31, 2016 at 10:21:09AM -0600, Simon Glass wrote:

> Coverity complains that this can overflow. If we later increase the size
> of one of the strings in the table, it could happen.
> 
> Adjust the code to protect against this.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reported-by: Coverity (CID: 150964)

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20161106/0418727b/attachment.sig>