"Angel Pons" <th3fan...@gmail.com> schrieb: > We made the patches that made Coverity angry about this `format_pn()` > function. However, this is not an actual bug: the > `eeprom_read_serial()` function returns a buffer that is at most 32 > (`HERMES_SN_PN_LENGTH`) characters long, and the length of the > `prefix` string is known at build-time (it's a string literal in both > call sites) to be less than 32 characters long.
There's no guarantee that the string returned by eeprom_read_serial() is 0-terminated (not even in its implementation) and strcpy proceeds until the first 0 it sees, even if that's only 2GB later. Use strncpy instead to prevent out of bound copies. Patrick _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
