lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon,  8 Jul 2019 17:12:32 +0200
From:   Greg Kroah-Hartman <>
Cc:     Greg Kroah-Hartman <>,, Adrian Hunter <>,
        Jiri Olsa <>,
        Namhyung Kim <>,
        Arnaldo Carvalho de Melo <>
Subject: [PATCH 4.9 039/102] perf header: Fix unchecked usage of strncpy()

From: Arnaldo Carvalho de Melo <>

commit 5192bde7d98c99f2cd80225649e3c2e7493722f7 upstream.

The strncpy() function may leave the destination string buffer
unterminated, better use strlcpy() that we have a __weak fallback
implementation for systems without it.

This fixes this warning on an Alpine Linux Edge system with gcc 8.2:

  util/header.c: In function 'perf_event__synthesize_event_update_name':
  util/header.c:3625:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
    strncpy(ev->data, evsel->name, len);
  util/header.c:3618:15: note: length computed here
    size_t len = strlen(evsel->name);

Cc: Adrian Hunter <>
Cc: Jiri Olsa <>
Cc: Namhyung Kim <>
Fixes: a6e5281780d1 ("perf tools: Add event_update event unit type")
Signed-off-by: Arnaldo Carvalho de Melo <>
Signed-off-by: Greg Kroah-Hartman <>

 tools/perf/util/header.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3027,7 +3027,7 @@ perf_event__synthesize_event_update_name
 	if (ev == NULL)
 		return -ENOMEM;
-	strncpy(ev->data, evsel->name, len);
+	strlcpy(ev->data, evsel->name, len + 1);
 	err = process(tool, (union perf_event*) ev, NULL, NULL);
 	return err;

Powered by blists - more mailing lists