[Mesa-dev] [PATCH] anv: limit string copy to target buffer size

Emil Velikov emil.l.velikov at gmail.com
Tue May 31 18:56:00 UTC 2016


On 31 May 2016 at 17:52, Jason Ekstrand <jason at jlekstrand.net> wrote:
> On Mon, May 30, 2016 at 6:17 PM, Eric Engestrom <eric at engestrom.ch> wrote:
>>
>> CoverityID: 1358935
>>
>> Signed-off-by: Eric Engestrom <eric at engestrom.ch>
>> ---
>>  src/intel/vulkan/anv_device.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/intel/vulkan/anv_device.c b/src/intel/vulkan/anv_device.c
>> index 046777d..e451138 100644
>> --- a/src/intel/vulkan/anv_device.c
>> +++ b/src/intel/vulkan/anv_device.c
>> @@ -566,7 +566,8 @@ void anv_GetPhysicalDeviceProperties(
>>        .sparseProperties = {0}, /* Broadwell doesn't do sparse. */
>>     };
>>
>> -   strcpy(pProperties->deviceName, pdevice->name);
>> +   strncpy(pProperties->deviceName, pdevice->name,
>> sizeof(pProperties->deviceName) - 1);
>> +   pProperties->deviceName[sizeof(pProperties->deviceName) - 1] = 0;
>
>
> This is a case we'll never have to worry about.  The string being copied
> comes from i965_pci_ids.h and the destination is always 256 characters.  I
> don't think our marketing people are ever going to come up with a name quite
> that long. :-)
>
If one wants to be extra careful they could add a STATIC_ASSERT(next
to the #include "i965_pci_ids.h") to verify that the length does not
exceed X characters.

Just a crazy idea.
-Emil


More information about the mesa-dev mailing list