[Mesa-dev] [PATCH v2 2/3] gallium/hud: Prevent buffer overflow in hud_thread_counter_install
Robert Foss
robert.foss at collabora.com
Fri Jun 30 23:59:40 UTC 2017
On Thu, 2017-06-29 at 07:28 -0600, Brian Paul wrote:
> On 06/29/2017 07:21 AM, Robert Foss wrote:
> > Switch to using strncopy to avoid potential overflow of
> > name array in struct hud_graph.
> >
> > Coverity-id: 1413761
> >
> > Signed-off-by: Robert Foss <robert.foss at collabora.com>
> > ---
> > src/gallium/auxiliary/hud/hud_cpu.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/gallium/auxiliary/hud/hud_cpu.c
> > b/src/gallium/auxiliary/hud/hud_cpu.c
> > index 4caaab6977..468c36207b 100644
> > --- a/src/gallium/auxiliary/hud/hud_cpu.c
> > +++ b/src/gallium/auxiliary/hud/hud_cpu.c
> > @@ -362,7 +362,7 @@ void hud_thread_counter_install(struct hud_pane
> > *pane, const char *name,
> > if (!gr)
> > return;
> >
> > - strcpy(gr->name, name);
> > + strncpy(gr->name, name, HUD_GRAPH_NAME_LEN);
>
> strncpy() doesn't null terminate the destination if strlen(name) >=
> HUD_GRAPH_NAME_LEN
>
> If you're concerned with overflow, you need to address that too.
>
> You might looks if we have a gallium util function for strncpy with
> null
> termination.
I had a look at adding a stncpy analog to src/util/u_string.h but it
would seem that these implementation are only intended for _WIN32
platforms.
Were you thinking of another bunch of util functions? Or am I
misunderstanding something else?
Rob.
More information about the mesa-dev
mailing list