[Buildroot] [PATCH v2 3/3] package/xen: tools/xenpmd: fix possible truncation

Matt Weber matthew.weber at rockwellcollins.com
Fri Nov 16 16:57:41 UTC 2018


gcc-8 complains:
    xenpmd.c:207:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
             strncpy(info->oem_info, attrib_value, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Upstream:
https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=938c8f53b1f80175c6f7a1399efdb984abb0cb8b

Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
--
Bug found while fixing:
http://autobuild.buildroot.net/results/6e0d8e962e861a32f5bf2e5031ef51c25768f1f6/

v1 -> v2
 - Re-generated patch on upstream clone of 4.10.2 and included SOF

---
 package/xen/0004-tools-xenpmd-truncation.patch | 78 ++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 package/xen/0004-tools-xenpmd-truncation.patch

diff --git a/package/xen/0004-tools-xenpmd-truncation.patch b/package/xen/0004-tools-xenpmd-truncation.patch
new file mode 100644
index 0000000..65f7fe3
--- /dev/null
+++ b/package/xen/0004-tools-xenpmd-truncation.patch
@@ -0,0 +1,78 @@
+From be44f7c25c81237243ac5f834b1687d88379a253 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+ <marmarek at invisiblethingslab.com>
+Date: Thu, 5 Apr 2018 03:50:53 +0200
+Subject: [PATCH] tools/xenpmd: fix possible '\0' truncation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+gcc-8 complains:
+    xenpmd.c:207:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
+             strncpy(info->oem_info, attrib_value, 32);
+             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    xenpmd.c:201:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
+             strncpy(info->battery_type, attrib_value, 32);
+             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    xenpmd.c:195:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
+             strncpy(info->serial_number, attrib_value, 32);
+             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    xenpmd.c:189:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
+             strncpy(info->model_number, attrib_value, 32);
+             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Copy 31 chars, then make sure terminating '\0' is present. Those fields
+are passed to strlen and as '%s' for snprintf later.
+
+Upstream:
+https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=938c8f53b1f80175c6f7a1399efdb984abb0cb8b
+
+Signed-off-by: Marek Marczykowski-Górecki <marmarek at invisiblethingslab.com>
+Acked-by: Wei Liu <wei.liu2 at citrix.com>
+Release-Acked-by: Juergen Gross <jgross at suse.com>
+Signed-off-by: Matt Weber <matthew.weber at rockwellcollins.com>
+---
+ tools/xenpmd/xenpmd.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/tools/xenpmd/xenpmd.c b/tools/xenpmd/xenpmd.c
+index 689c8fd..56412a9 100644
+--- a/tools/xenpmd/xenpmd.c
++++ b/tools/xenpmd/xenpmd.c
+@@ -186,25 +186,29 @@ void set_attribute_battery_info(char *attrib_name,
+ 
+     if ( strstr(attrib_name, "model number") ) 
+     {
+-        strncpy(info->model_number, attrib_value, 32);
++        strncpy(info->model_number, attrib_value, 31);
++        info->model_number[31] = '\0';
+         return;
+     }
+ 
+     if ( strstr(attrib_name, "serial number") ) 
+     {
+-        strncpy(info->serial_number, attrib_value, 32);
++        strncpy(info->serial_number, attrib_value, 31);
++        info->serial_number[31] = '\0';
+         return;
+     }
+ 
+     if ( strstr(attrib_name, "battery type") ) 
+     {
+-        strncpy(info->battery_type, attrib_value, 32);
++        strncpy(info->battery_type, attrib_value, 31);
++        info->battery_type[31] = '\0';
+         return;
+     }
+ 
+     if ( strstr(attrib_name, "OEM info") ) 
+     {
+-        strncpy(info->oem_info, attrib_value, 32);
++        strncpy(info->oem_info, attrib_value, 31);
++        info->oem_info[31] = '\0';
+         return;
+     }
+ 
+-- 
+1.9.1
+
-- 
1.9.1




More information about the buildroot mailing list