[dpdk-dev] [PATCH 02/18] drivers: bus: pci: fix strncpy dangerous code

Bruce Richardson bruce.richardson at intel.com
Tue May 8 10:57:23 CEST 2018


On Tue, May 08, 2018 at 12:29:38PM +0800, Andy Green wrote:
> In function ‘pci_get_kernel_driver_by_path’,
>     inlined from ‘pci_scan_one.isra.1’ at /home/agreen/projects/dpdk/drivers/bus/pci/linux/pci.c:317:8:
> /home/agreen/projects/dpdk/drivers/bus/pci/linux/pci.c:57:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
>    strncpy(dri_name, name + 1, strlen(name + 1) + 1);
> ---
>  drivers/bus/pci/linux/pci.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c
> index 4630a8057..b5bdfd33e 100644
> --- a/drivers/bus/pci/linux/pci.c
> +++ b/drivers/bus/pci/linux/pci.c
> @@ -54,7 +54,8 @@ pci_get_kernel_driver_by_path(const char *filename, char *dri_name)
>  
>  	name = strrchr(path, '/');
>  	if (name) {
> -		strncpy(dri_name, name + 1, strlen(name + 1) + 1);
> +		strncpy(dri_name, name + 1, sizeof(dri_name) - 1);
> +		dri_name[sizeof(dri_name) - 1] = '\0';
>  		return 0;
>  	}
While this fix is correct, a better fix would be to use strlcpy from
rte_string_fns.h.

	strlcpy(dri_name, name + 1, sizeof(dri_name));

Regards,
/Bruce


More information about the dev mailing list