From mboxrd@z Thu Jan 1 00:00:00 1970 From: Simon Glass Date: Tue, 8 Dec 2015 12:35:18 -0700 Subject: [U-Boot] [PATCH 1/3] serial-uclass.c: Copy at most sdev.name - 1 characters into the buffer In-Reply-To: <1449545195-18195-1-git-send-email-trini@konsulko.com> References: <1449545195-18195-1-git-send-email-trini@konsulko.com> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On 7 December 2015 at 20:26, Tom Rini wrote: > Coverity notes that we do not ensure a NULL terminated string here as we > could fill the entire buffer with our strncpy call. Fix this by > subtracting one. > > Reported-by: Coverity (CID 131093) > Cc: Simon Glass > Signed-off-by: Tom Rini > --- > drivers/serial/serial-uclass.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Simon Glass > > diff --git a/drivers/serial/serial-uclass.c b/drivers/serial/serial-uclass.c > index 842f78b..2ef82b0 100644 > --- a/drivers/serial/serial-uclass.c > +++ b/drivers/serial/serial-uclass.c > @@ -324,7 +324,7 @@ static int serial_post_probe(struct udevice *dev) > return 0; > memset(&sdev, '\0', sizeof(sdev)); > > - strncpy(sdev.name, dev->name, sizeof(sdev.name)); > + strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1); There is also strlcpy() if you want it. > sdev.flags = DEV_FLAGS_OUTPUT | DEV_FLAGS_INPUT; > sdev.priv = dev; > sdev.putc = serial_stub_putc; > -- > 1.7.9.5 >
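
Review bot: In the serial_post_probe() hunk, the new strncpy(sdev.name, dev->name, sizeof(sdev.name) - 1) yields a terminated string only because the memset(&sdev, '\0', sizeof(sdev)) two lines above already zeroed the final byte, and nothing at the copy itself records that dependency. Consider a short comment stating that the terminator comes from the memset, or an explicit sdev.name[sizeof(sdev.name) - 1] = '\0' after the copy, so that a later change to the initialisation does not quietly bring back the Coverity finding. A dev->name longer than the buffer is still truncated without any indication; strlcpy(), as suggested in the reply, always terminates and returns the source length, so the caller could detect truncation by comparing the result against sizeof(sdev.name).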