[Skiboot] [RESEND PATCH 3/8] nvram_format: Fix unterminated string warning

Kamalesh Babulal kamalesh at linux.vnet.ibm.com
Tue Jun 23 18:46:21 AEST 2015


Sorry, the previous patch had changes related to the cross compiler.

--8<--
We write NVRAM_NAME_FREE, which is of strlen(12) into
struct chrp_nvram_hdr->name[12] using strncpy. This could
result in an unterminated string.

This patch alters the length of NVRAM_NAME_FREE to 11, as
nvram_image is already memset to zero. Note that
NVRAM_NAME_FREE is local to this file.

Fixes Coverity defect #97817.

Signed-off-by: Kamalesh Babulal <kamalesh at linux.vnet.ibm.com>
---
 core/nvram.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/nvram.c b/core/nvram.c
index f25d6aa..f59fb82 100644
--- a/core/nvram.c
+++ b/core/nvram.c
@@ -63,7 +63,7 @@ struct chrp_nvram_hdr {
 
 #define NVRAM_NAME_COMMON	"common"
 #define NVRAM_NAME_FW_PRIV	"ibm,skiboot"
-#define NVRAM_NAME_FREE		"wwwwwwwwwwww"
+#define NVRAM_NAME_FREE		"wwwwwwwwwww"
 
 /* 64k should be enough, famous last words... */
 #define NVRAM_SIZE_COMMON	0x10000
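
Review bot: Shortening NVRAM_NAME_FREE from twelve 'w' characters to eleven changes the bytes stored in the free-space partition header, not just the way they are copied: the last byte of name[12] becomes 0 instead of 'w'. The commit message says the macro is local to this file, but the name is written out to NVRAM, so it should also say whether anything that reads the image compares all 12 bytes of the free-partition name. If the 12-character name has to be preserved, the warning could instead be addressed by treating the field as fixed-width and copying with memcpy(h->name, NVRAM_NAME_FREE, sizeof(h->name)), with a comment that the field is not NUL-terminated.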
@@ -117,7 +117,7 @@ static void nvram_format(void)
 	h = nvram_image + offset;
 	h->sig = NVRAM_SIG_FREE;
 	h->len = (nvram_size - offset) >> 4;
-	strncpy(h->name, NVRAM_NAME_FREE, 12);
+	strncpy(h->name, NVRAM_NAME_FREE, 11);
 	h->cksum = chrp_nv_cksum(h);
 
 	/* Write the whole thing back */
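
Review bot: The literal 11 in strncpy(h->name, NVRAM_NAME_FREE, 11) has to be kept in step by hand with the length of NVRAM_NAME_FREE and with the size of h->name, and nothing enforces that. With n equal to the string length strncpy writes no terminator itself, so the NUL in the last byte comes only from nvram_image having been zeroed earlier, which is not visible in this hunk. Consider strncpy(h->name, NVRAM_NAME_FREE, sizeof(h->name) - 1) and a one-line comment stating that the terminator relies on the earlier memset, so a later change to the name or to the buffer handling does not silently reintroduce the unterminated string.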
-- 
2.1.2


