Hi Tom, On 28 October 2016 at 11:59, Tom Rini <tr...@konsulko.com> wrote: > On Thu, Oct 27, 2016 at 08:18:39PM -0600, Simon Glass wrote: >> Coverity complains that this can overflow. If we later increase the size >> of one of the strings in the table, it could happen. >> >> Adjust the code to protect against this. >> >> Signed-off-by: Simon Glass <s...@chromium.org> >> Reported-by: Coverity (CID: 150964) >> --- >> >> Changes in v3: >> - Adjust to deal with what strncpy() actually does (I think) >> >> Changes in v2: >> - Drop unwanted #include >> >> common/image.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/common/image.c b/common/image.c >> index 0e86c13..016f263 100644 >> --- a/common/image.c >> +++ b/common/image.c >> @@ -588,9 +588,11 @@ const table_entry_t *get_table_entry(const >> table_entry_t *table, int id) >> static const char *unknown_msg(enum ih_category category) >> { >> static char msg[30]; >> + static char unknown_str = "Unknown "; >> >> - strcpy(msg, "Unknown "); >> - strcat(msg, table_info[category].desc); >> + strcpy(msg, unknown_str); >> + strncat(msg, table_info[category].desc, >> + sizeof(msg) - sizeof(unknown_str)); > > We still need to subtract 1 more here at the end, for the NUL don't we?
I was hoping that the sizeof(msg) would take care of that? Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot