[Skiboot] [PATCH 2/8] queue_led_state_change() - Fix unterminated string warning
Stewart Smith
stewart at linux.vnet.ibm.com
Wed Jun 24 16:19:38 AEST 2015
Kamalesh Babulal <kamalesh at linux.vnet.ibm.com> writes:
> struct led_set_cmd cmd is zalloc. While doing strncpy of
> loc_code to cmd->loc_code, there are chances of cmd->loc_code
> being unterminated. Fix the issue by copying LOC_CODE_SIZE - 1.
>
> Fixes Coverity defect #100249.
>
> Signed-off-by: Kamalesh Babulal <kamalesh at linux.vnet.ibm.com>
> Cc: Ananth N Mavinakayanahalli <ananth at in.ibm.com>
> Cc: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
> ---
> hw/fsp/fsp-leds.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/fsp/fsp-leds.c b/hw/fsp/fsp-leds.c
> index 82be37a..877aca1 100644
> --- a/hw/fsp/fsp-leds.c
> +++ b/hw/fsp/fsp-leds.c
> @@ -683,7 +683,7 @@ static int queue_led_state_change(char *loc_code, u8 command,
> }
>
> /* Save the request */
> - strncpy(cmd->loc_code, loc_code, LOC_CODE_SIZE);
> + strncpy(cmd->loc_code, loc_code, LOC_CODE_SIZE - 1);
> cmd->command = command;
> cmd->state = state;
> cmd->cmd_src = cmd_src;
(after looking it up in MBOX spec) it seems as though we do have to have
null terminated location code. Thanks, merged!
More information about the Skiboot
mailing list