[dpdk-dev,02/18] drivers: bus: pci: fix strncpy dangerous code
Checks
Commit Message
In function ‘pci_get_kernel_driver_by_path’,
inlined from ‘pci_scan_one.isra.1’ at /home/agreen/projects/dpdk/drivers/bus/pci/linux/pci.c:317:8:
/home/agreen/projects/dpdk/drivers/bus/pci/linux/pci.c:57:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
strncpy(dri_name, name + 1, strlen(name + 1) + 1);
---
drivers/bus/pci/linux/pci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
On Tue, May 08, 2018 at 12:29:38PM +0800, Andy Green wrote:
> In function ‘pci_get_kernel_driver_by_path’,
> inlined from ‘pci_scan_one.isra.1’ at /home/agreen/projects/dpdk/drivers/bus/pci/linux/pci.c:317:8:
> /home/agreen/projects/dpdk/drivers/bus/pci/linux/pci.c:57:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
> strncpy(dri_name, name + 1, strlen(name + 1) + 1);
> ---
> drivers/bus/pci/linux/pci.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c
> index 4630a8057..b5bdfd33e 100644
> --- a/drivers/bus/pci/linux/pci.c
> +++ b/drivers/bus/pci/linux/pci.c
> @@ -54,7 +54,8 @@ pci_get_kernel_driver_by_path(const char *filename, char *dri_name)
>
> name = strrchr(path, '/');
> if (name) {
> - strncpy(dri_name, name + 1, strlen(name + 1) + 1);
> + strncpy(dri_name, name + 1, sizeof(dri_name) - 1);
> + dri_name[sizeof(dri_name) - 1] = '\0';
> return 0;
> }
While this fix is correct, a better fix would be to use strlcpy from
rte_string_fns.h.
strlcpy(dri_name, name + 1, sizeof(dri_name));
Regards,
/Bruce
@@ -54,7 +54,8 @@ pci_get_kernel_driver_by_path(const char *filename, char *dri_name)
name = strrchr(path, '/');
if (name) {
- strncpy(dri_name, name + 1, strlen(name + 1) + 1);
+ strncpy(dri_name, name + 1, sizeof(dri_name) - 1);
+ dri_name[sizeof(dri_name) - 1] = '\0';
return 0;
}