| Message ID | 1449168597-438-1-git-send-email-mike.holmes@linaro.org |
|---|---|
| State | Accepted |
| Commit | 78b7f37a1ae30dd85f7b13492bbe402a591fae60 |
| Headers | show |
On Thu, Dec 3, 2015 at 12:49 PM, Mike Holmes <mike.holmes@linaro.org> wrote: > Fixes Bug 1905 - CID 154167: > > Calling strncpy with a maximum size argument of ODP_TABLE_NAME_LEN > bytes on destination array tbl->name of size ODP_TABLE_NAME_LEN bytes > might leave the destination string unterminated if the copied string is > also of the maximum size ODP_TABLE_NAME_LEN. > > Make the copy leave one char for the null terminator. > > Signed-off-by: Mike Holmes <mike.holmes@linaro.org> > Reviewed-by: Bill Fischofer <bill.fischofer@linaro.org> > --- > helper/hashtable.c | 2 +- > helper/lineartable.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/helper/hashtable.c b/helper/hashtable.c > index 1121beb..e0f562e 100644 > --- a/helper/hashtable.c > +++ b/helper/hashtable.c > @@ -92,7 +92,7 @@ odph_table_t odph_hash_table_create(const char *name, > uint32_t capacity, > memset(tbl, 0, capacity << 20); > > tbl->init_cap = capacity << 20; > - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); > + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); > tbl->key_size = key_size; > tbl->value_size = value_size; > > diff --git a/helper/lineartable.c b/helper/lineartable.c > index b0759f9..68d9350 100644 > --- a/helper/lineartable.c > +++ b/helper/lineartable.c > @@ -73,7 +73,7 @@ odph_table_t odph_linear_table_create(const char *name, > uint32_t capacity, > > tbl->init_cap = capacity < 20; > > - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); > + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); > > /* for linear table, the key is just the index, without confict > * so we just need to record the value content > -- > 2.5.0 > > _______________________________________________ > lng-odp mailing list > lng-odp@lists.linaro.org > https://lists.linaro.org/mailman/listinfo/lng-odp >
Merged, Maxim. On 12/04/2015 18:35, Bill Fischofer wrote: > > > On Thu, Dec 3, 2015 at 12:49 PM, Mike Holmes <mike.holmes@linaro.org > <mailto:mike.holmes@linaro.org>> wrote: > > Fixes Bug 1905 - CID 154167: > > Calling strncpy with a maximum size argument of ODP_TABLE_NAME_LEN > bytes on destination array tbl->name of size ODP_TABLE_NAME_LEN bytes > might leave the destination string unterminated if the copied > string is > also of the maximum size ODP_TABLE_NAME_LEN. > > Make the copy leave one char for the null terminator. > > Signed-off-by: Mike Holmes <mike.holmes@linaro.org > <mailto:mike.holmes@linaro.org>> > > > Reviewed-by: Bill Fischofer <bill.fischofer@linaro.org > <mailto:bill.fischofer@linaro.org>> > > --- > helper/hashtable.c | 2 +- > helper/lineartable.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/helper/hashtable.c b/helper/hashtable.c > index 1121beb..e0f562e 100644 > --- a/helper/hashtable.c > +++ b/helper/hashtable.c > @@ -92,7 +92,7 @@ odph_table_t odph_hash_table_create(const char > *name, uint32_t capacity, > memset(tbl, 0, capacity << 20); > > tbl->init_cap = capacity << 20; > - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); > + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); > tbl->key_size = key_size; > tbl->value_size = value_size; > > diff --git a/helper/lineartable.c b/helper/lineartable.c > index b0759f9..68d9350 100644 > --- a/helper/lineartable.c > +++ b/helper/lineartable.c > @@ -73,7 +73,7 @@ odph_table_t odph_linear_table_create(const char > *name, uint32_t capacity, > > tbl->init_cap = capacity < 20; > > - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); > + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); > > /* for linear table, the key is just the index, without > confict > * so we just need to record the value content > -- > 2.5.0 > > _______________________________________________ > lng-odp mailing list > lng-odp@lists.linaro.org <mailto:lng-odp@lists.linaro.org> > https://lists.linaro.org/mailman/listinfo/lng-odp > > > > > _______________________________________________ > lng-odp mailing list > lng-odp@lists.linaro.org > https://lists.linaro.org/mailman/listinfo/lng-odp
diff --git a/helper/hashtable.c b/helper/hashtable.c index 1121beb..e0f562e 100644 --- a/helper/hashtable.c +++ b/helper/hashtable.c @@ -92,7 +92,7 @@ odph_table_t odph_hash_table_create(const char *name, uint32_t capacity, memset(tbl, 0, capacity << 20); tbl->init_cap = capacity << 20; - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); tbl->key_size = key_size; tbl->value_size = value_size; diff --git a/helper/lineartable.c b/helper/lineartable.c index b0759f9..68d9350 100644 --- a/helper/lineartable.c +++ b/helper/lineartable.c @@ -73,7 +73,7 @@ odph_table_t odph_linear_table_create(const char *name, uint32_t capacity, tbl->init_cap = capacity < 20; - strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN); + strncpy(tbl->name, name, ODPH_TABLE_NAME_LEN - 1); /* for linear table, the key is just the index, without confict * so we just need to record the value content
Fixes Bug 1905 - CID 154167: Calling strncpy with a maximum size argument of ODP_TABLE_NAME_LEN bytes on destination array tbl->name of size ODP_TABLE_NAME_LEN bytes might leave the destination string unterminated if the copied string is also of the maximum size ODP_TABLE_NAME_LEN. Make the copy leave one char for the null terminator. Signed-off-by: Mike Holmes <mike.holmes@linaro.org> --- helper/hashtable.c | 2 +- helper/lineartable.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)