On 6/23/11 3:09 AM, Alexey I. Froloff wrote:
> False positive buffer overflow detected by gcc because altinfo uses
> information1, flashLayoutVer and fskernelCRC fields. We are sure, that
> altinfo lengts is less than ALTTAGINFO_LEN, so it's safe to memcpy()
> whole altinfo string ply terminating NUL byte.
>
> Signed-off-by: Alexey I. Froloff <ra...@altlinux.org>
> ---
> tools/firmware-utils/src/imagetag.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/tools/firmware-utils/src/imagetag.c
> b/tools/firmware-utils/src/imagetag.c
> index bebaba2..87d02d5 100644
> --- a/tools/firmware-utils/src/imagetag.c
> +++ b/tools/firmware-utils/src/imagetag.c
> @@ -366,7 +366,7 @@ int tagfile(const char *kernel, const char *rootfs, const
> char *bin, \
> }
>
> if (args->altinfo_given) {
> - strncpy(&tag.information1[0], args->altinfo_arg, ALTTAGINFO_LEN);
> + memcpy(tag.information1, args->altinfo_arg,
> strlen(args->altinfo_arg)+1);
> }
>
> if (args->second_image_flag_given) {
If you're sure the code is good, then come up with an annotation that will
silence the compiler that doesn't require changing the code... usually a
#pragma should be enough.
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
