[Skiboot] [RESEND PATCH 3/8] nvram_format: Fix unterminated string warning
Kamalesh Babulal
kamalesh at linux.vnet.ibm.com
Tue Jun 23 18:46:21 AEST 2015
Sorry previous patch had changes related to cross compiler.
--8<--
We write NVRAM_NAME_FREE, which is of strlen(12) into
struct chrp_nvram_hdr->name[12] using strncpy. This could
result in an unterminated string.
This patch alters the length of NVRAM_NAME_FREE length 11
and as nvram_image is already memset to zero. Note that the
NVRAM_NAME_FREE is local to this file.
Fixes Coverity defect #97817.
Signed-off-by: Kamalesh Babulal <kamalesh at linux.vnet.ibm.com>
---
core/nvram.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/nvram.c b/core/nvram.c
index f25d6aa..f59fb82 100644
--- a/core/nvram.c
+++ b/core/nvram.c
@@ -63,7 +63,7 @@ struct chrp_nvram_hdr {
#define NVRAM_NAME_COMMON "common"
#define NVRAM_NAME_FW_PRIV "ibm,skiboot"
-#define NVRAM_NAME_FREE "wwwwwwwwwwww"
+#define NVRAM_NAME_FREE "wwwwwwwwwww"
/* 64k should be enough, famous last words... */
#define NVRAM_SIZE_COMMON 0x10000
@@ -117,7 +117,7 @@ static void nvram_format(void)
h = nvram_image + offset;
h->sig = NVRAM_SIG_FREE;
h->len = (nvram_size - offset) >> 4;
- strncpy(h->name, NVRAM_NAME_FREE, 12);
+ strncpy(h->name, NVRAM_NAME_FREE, 11);
h->cksum = chrp_nv_cksum(h);
/* Write the whole thing back */
--
2.1.2
More information about the Skiboot
mailing list