[Mesa-dev] [PATCH v2 2/3] gallium/hud: Prevent buffer overflow in hud_thread_counter_install
Brian Paul
brianp at vmware.com
Sun Jul 2 15:02:42 UTC 2017
On 06/30/2017 05:59 PM, Robert Foss wrote:
> On Thu, 2017-06-29 at 07:28 -0600, Brian Paul wrote:
>> On 06/29/2017 07:21 AM, Robert Foss wrote:
>>> Switch to using strncopy to avoid potential overflow of
>>> name array in struct hud_graph.
>>>
>>> Coverity-id: 1413761
>>>
>>> Signed-off-by: Robert Foss <robert.foss at collabora.com>
>>> ---
>>> src/gallium/auxiliary/hud/hud_cpu.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/src/gallium/auxiliary/hud/hud_cpu.c
>>> b/src/gallium/auxiliary/hud/hud_cpu.c
>>> index 4caaab6977..468c36207b 100644
>>> --- a/src/gallium/auxiliary/hud/hud_cpu.c
>>> +++ b/src/gallium/auxiliary/hud/hud_cpu.c
>>> @@ -362,7 +362,7 @@ void hud_thread_counter_install(struct hud_pane
>>> *pane, const char *name,
>>> if (!gr)
>>> return;
>>>
>>> - strcpy(gr->name, name);
>>> + strncpy(gr->name, name, HUD_GRAPH_NAME_LEN);
>>
>> strncpy() doesn't null terminate the destination if strlen(name) >=
>> HUD_GRAPH_NAME_LEN
>>
>> If you're concerned with overflow, you need to address that too.
>>
>> You might looks if we have a gallium util function for strncpy with
>> null
>> termination.
>
> I had a look at adding a stncpy analog to src/util/u_string.h but it
> would seem that these implementation are only intended for _WIN32
> platforms.
The util_*() functions are portability wrappers. For Linux/etc we
define the functions as macros which alias standard functions. For
Windows we have to roll our own.
I'd suggest adding a new util_strncpy() function that always does null
termination.
-Brian
More information about the mesa-dev
mailing list