On Mon, Mar 13, 2017 at 6:11 PM, Dan Carpenter <dan.carpen...@oracle.com> wrote: > On Sun, Mar 12, 2017 at 02:10:01AM +0530, simran singhal wrote: >> Replace strcpy with strlcpy as strcpy does not check for buffer >> overflow. >> This is found using Flawfinder. >> >> Signed-off-by: simran singhal <singhalsimr...@gmail.com> >> --- >> drivers/staging/android/ashmem.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/staging/android/ashmem.c >> b/drivers/staging/android/ashmem.c >> index 7cbad0d..eb2f4ef 100644 >> --- a/drivers/staging/android/ashmem.c >> +++ b/drivers/staging/android/ashmem.c >> @@ -548,7 +548,8 @@ static int set_name(struct ashmem_area *asma, void >> __user *name) >> if (unlikely(asma->file)) >> ret = -EINVAL; >> else >> - strcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name); >> + strlcpy(asma->name + ASHMEM_NAME_PREFIX_LEN, local_name, >> + sizeof(asma->name + ASHMEM_NAME_PREFIX_LEN)); > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > This isn't right. > > Also please do some analysis to see if it's a real bug or a false > positive. It is a false positive in this case. >
Dan, I have already sent v3 of this in which I have used: sizeof(asma->name) - ASHMEM_NAME_PREFIX_LEN Thanks! Simran > regards, > dan carpenter > _______________________________________________ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
