Re: [PATCH] [v2] firmware: tegra: fix strncpy()/strncat() confusion

From: Jon Hunter
Date: Tue Oct 27 2020 - 05:04:21 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v6 09/52] dt-bindings: memory: tegra30: mc: Document new interconnect property"
Previous message: Marco Elver: "Re: [PATCH v3 1/2] kunit: Support for Parameterized Testing"
In reply to: Arnd Bergmann: "[PATCH] [v2] firmware: tegra: fix strncpy()/strncat() confusion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26/10/2020 16:49, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@xxxxxxxx>
>
> The way that bpmp_populate_debugfs_inband() uses strncpy()
> and strncat() makes no sense since the size argument for
> the first is insufficient to contain the trailing '/'

I don't believe that is the case, because there is a +1 for trailing '/'
and the if statement is checking if the len is equal to or greater than.
If it is equal then there is no room for the nul character and will
fail. So it should not overflow.

> and the second passes the length of the input rather than
> the output, which triggers a warning:
>
> In function 'strncat',
> inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
> include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
> 289 | #define __underlying_strncat __builtin_strncat
> | ^
> include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
> 367 | return __underlying_strncat(p, q, count);
> | ^~~~~~~~~~~~~~~~~~~~
> drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
> include/linux/string.h:288:29: note: length computed here
> 288 | #define __underlying_strlen __builtin_strlen
> | ^
> include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
> 321 | return __underlying_strlen(p);
>
> Simplify this to use an snprintf() instead.
>
> Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
> Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> ---
> v2: Use the correct arguments for snprintf(), as pointed out by Arvind Sankar
> ---
> drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
> index c1bbba9ee93a..440d99c63638 100644
> --- a/drivers/firmware/tegra/bpmp-debugfs.c
> +++ b/drivers/firmware/tegra/bpmp-debugfs.c
> @@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
> goto out;
> }
>
> - len = strlen(ppath) + strlen(name) + 1;
> + len = snprintf(pathbuf, pathlen, "%s%s/", ppath, name);
> if (len >= pathlen) {
> err = -EINVAL;
> goto out;
> }
>
> - strncpy(pathbuf, ppath, pathlen);
> - strncat(pathbuf, name, strlen(name));
> - strcat(pathbuf, "/");
> -
> err = bpmp_populate_debugfs_inband(bpmp, dentry,
> pathbuf);
> if (err < 0)
>

However, this is indeed much better and so thanks for the simplification.

Acked-by: Jon Hunter <jonathanh@xxxxxxxxxx>

Cheers
Jon

--
nvpublic

Next message: Krzysztof Kozlowski: "Re: [PATCH v6 09/52] dt-bindings: memory: tegra30: mc: Document new interconnect property"
Previous message: Marco Elver: "Re: [PATCH v3 1/2] kunit: Support for Parameterized Testing"
In reply to: Arnd Bergmann: "[PATCH] [v2] firmware: tegra: fix strncpy()/strncat() confusion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]