[OpenWrt-Devel] [PATCH] use strncpy instead of strcpy

Petr Štetiar ynezz at true.cz
Wed Dec 25 04:48:11 EST 2019


Khem Raj <raj.khem at gmail.com> [2019-12-24 14:15:26]:

> On Tue, Dec 24, 2019 at 1:51 PM Petr Štetiar <ynezz at true.cz> wrote:
> 
> > Khem Raj <raj.khem at gmail.com> [2019-12-24 10:02:13]:
> >
> > Hi,
> >
> > use "PATCH libubox" subject prefix, because there is no blobmsg.c file in
> > the
> > main tree.
> >
> > > Fixes error: '__builtin_strcpy' offset 6 from the object at 'attr' is
> > out of
> > > the bounds of referenced subobject 'name' with type 'uint8_t[0]' {aka
> > > 'unsigned char[0]'} at offset 6 [-Werror=array-bounds]

What about following fix[1]? The target hdr->name buffer has already the
terminating 0 included as blobmsg_hdrlen has strlen+1 and blob_new() memsets
the buffer to 0.

1. https://gitlab.com/ynezz/openwrt-libubox/commit/3775b3aa28de8c20d96b6f02786a327423b0748a

From 3775b3aa28de8c20d96b6f02786a327423b0748a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz at true.cz>
Date: Wed, 25 Dec 2019 10:27:59 +0100
Subject: [PATCH] blobmsg: fix array out of bounds GCC 10 warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes following warning reported by GCC 10.0.0 20191203:

 blobmsg.c:234:2: error: 'strcpy' offset 6 from the object at 'attr' is out of
the bounds of referenced subobject 'name' with type 'uint8_t[0]' {aka
'unsigned char[0]'} at offset 6 [-Werror=array-bounds]
   234 |  strcpy((char *) hdr->name, (const char *)name);
       |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 In file included from blobmsg.c:16:
 blobmsg.h:42:10: note: subobject 'name' declared here
    42 |  uint8_t name[];
       |          ^~~~

Reported-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 blobmsg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blobmsg.c b/blobmsg.c
index 48dba8156d58..ef68d8ae59f7 100644
--- a/blobmsg.c
+++ b/blobmsg.c
@@ -240,7 +240,7 @@ blobmsg_new(struct blob_buf *buf, int type, const char
*name, int payload_len, v
 	attr->id_len |= be32_to_cpu(BLOB_ATTR_EXTENDED);
 	hdr = blob_data(attr);
 	hdr->namelen = cpu_to_be16(namelen);
-	strcpy((char *) hdr->name, (const char *)name);
+	memcpy(hdr->name, name, namelen);
 	pad_end = *data = blobmsg_data(attr);
 	pad_start = (char *) &hdr->name[namelen];
 	if (pad_start < pad_end)

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list