lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAJZ5v0icCBBvR1WXUh1qKMC-Uqie-PaoaE4gMULdmUMKNzJZ_A@mail.gmail.com>
Date:   Thu, 17 Aug 2023 19:39:52 +0200
From:   "Rafael J. Wysocki" <rafael@...nel.org>
To:     Sunil V L <sunilvl@...tanamicro.com>
Cc:     linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
        "Rafael J . Wysocki" <rafael@...nel.org>,
        Len Brown <lenb@...nel.org>,
        Palmer Dabbelt <palmer@...osinc.com>,
        Andrew Jones <ajones@...tanamicro.com>,
        Conor Dooley <conor.dooley@...rochip.com>,
        kernel test robot <lkp@...el.com>
Subject: Re: [PATCH] PNP/ACPI: Fix string truncation warning

On Tue, Jul 25, 2023 at 7:29 AM Sunil V L <sunilvl@...tanamicro.com> wrote:
>
> LKP reports below warning when building for RISC-V.
>
> drivers/pnp/pnpacpi/core.c:253:17:
> warning: 'strncpy' specified bound 50 equals destination
> size [-Wstringop-truncation]
>
> This appears like a valid issue since the destination
> string may not be null-terminated. To fix this, append
> the NUL explicitly after the strncpy.
>
> Reported-by: kernel test robot <lkp@...el.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202307241942.Rff2Nri5-lkp@intel.com/
> Signed-off-by: Sunil V L <sunilvl@...tanamicro.com>
> ---
>  drivers/pnp/pnpacpi/core.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c
> index 38928ff7472b..6ab272c84b7b 100644
> --- a/drivers/pnp/pnpacpi/core.c
> +++ b/drivers/pnp/pnpacpi/core.c
> @@ -254,6 +254,9 @@ static int __init pnpacpi_add_device(struct acpi_device *device)
>         else
>                 strncpy(dev->name, acpi_device_bid(device), sizeof(dev->name));
>
> +       /* Handle possible string truncation */
> +       dev->name[sizeof(dev->name) - 1] = '\0';
> +
>         if (dev->active)
>                 pnpacpi_parse_allocated_resource(dev);
>
> --

Applied as 6.6 material, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ