No subject
=3D?UTF-8?q?Petr=3D20=3DC5=3DA0tetiar?=3D
=3D?UTF-8?q?Petr=3D20=3DC5=3DA0tetiar?=3D
Thu Jun 25 05:52:11 EDT 2020
@true.cz" target=3D"_blank">ynezz at true.cz</a>><br>
Date: Wed, 25 Dec 2019 10:27:59 +0100<br>
Subject: [PATCH] blobmsg: fix array out of bounds GCC 10 warning<br>
MIME-Version: 1.0<br>
Content-Type: text/plain; charset=3DUTF-8<br>
Content-Transfer-Encoding: 8bit<br>
<br>
Fixes following warning reported by GCC 10.0.0 20191203:<br>
<br>
=C2=A0blobmsg.c:234:2: error: 'strcpy' offset 6 from the object at =
'attr' is out of<br>
the bounds of referenced subobject 'name' with type 'uint8_t[0]=
' {aka<br>
'unsigned char[0]'} at offset 6 [-Werror=3Darray-bounds]<br>
=C2=A0 =C2=A0234 |=C2=A0 strcpy((char *) hdr->name, (const char *)name);=
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~~~~~<br>
<br>
=C2=A0In file included from blobmsg.c:16:<br>
=C2=A0blobmsg.h:42:10: note: subobject 'name' declared here<br>
=C2=A0 =C2=A0 42 |=C2=A0 uint8_t name[];<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ^~~~<br>
<br>
Reported-by: Khem Raj <<a href=3D"mailto:raj.khem at gmail.com" target=3D"_=
blank">raj.khem at gmail.com</a>><br>
Signed-off-by: Petr =C5=A0tetiar <<a href=3D"mailto:ynezz at true.cz" targe=
t=3D"_blank">ynezz at true.cz</a>><br>
---<br>
=C2=A0blobmsg.c | 2 +-<br>
=C2=A01 file changed, 1 insertion(+), 1 deletion(-)<br>
<br>
diff --git a/blobmsg.c b/blobmsg.c<br>
index 48dba8156d58..ef68d8ae59f7 100644<br>
--- a/blobmsg.c<br>
+++ b/blobmsg.c<br>
@@ -240,7 +240,7 @@ blobmsg_new(struct blob_buf *buf, int type, const char<=
br>
*name, int payload_len, v<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 attr->id_len |=3D be32_to_cpu(BLOB_ATTR_EXTE=
NDED);<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 hdr =3D blob_data(attr);<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 hdr->namelen =3D cpu_to_be16(namelen);<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0strcpy((char *) hdr->name, (const char *)nam=
e);<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0memcpy(hdr->name, name, namelen);</blockquot=
e><div dir=3D"auto"><br></div><div dir=3D"auto">Yes if we are sure about te=
rminating null then memcpy works too</div><div dir=3D"auto"><br></div><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex"><br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 pad_end =3D *data =3D blobmsg_data(attr);<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 pad_start =3D (char *) &hdr->name[namele=
n];<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (pad_start < pad_end)<br>
</blockquote></div></div>
--0000000000002580bb059a892af2--
--===============7418009348676839780==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
--===============7418009348676839780==--
More information about the openwrt-devel
mailing list