Re: [Patch] Zoran strncpy() cleanup

From: Horst Schirmeier
Date: Mon Jun 05 2006 - 17:01:36 EST


On Mon, 05 Jun 2006, Eric Sesterhenn wrote:
> Hi,
>
> this was spotted by Coverity (bug id #536). While
> it is not really a bug, I think we should clean it up.
> std->name can only hold 24 chars, not 32 as the strncpy() calls
> suggest. std->name can hold 32 chars, but since we use constant
> fixed-sized strings, which will always fit into these arrays, I changed
> the strncpy() calls to strcpy(). If you prefer strncpy(foo->name, "bar", sizeof(foo->name))
> please let me know and I'll redo the patch.
>
> Signed-off-by: Eric Sesterhenn <snakebyte@xxxxxx>

This _is_ really a bug. strncpy() pads the remaining bytes of dest with
zeroes, which destroys parts of the v4l2_standard structure (in
particular, the v4l2_fract substructure). I'd suggest not to use
strcpy() although it's safe here -- until someone changes the structure
sizes.

Kind regards,
Horst

--
PGP-Key 0xD40E0E7A
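
Added example, not part of the original message or of the Zoran driver: a small C model of the zero-padding effect described in the reply, comparing a strncpy() length of 32 with sizeof(name) on a 24-byte name field. The struct layout, the names `std_model`, `fract_model` and `fill`, the order in which fields are set, and the sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): a 24-byte name followed by the fraction. */
struct fract_model { uint32_t numerator, denominator; };
struct std_model {
    uint32_t index;
    char name[24];
    struct fract_model frameperiod;
    uint32_t framelines;
};

#define NAME_LEN sizeof(((struct std_model *)0)->name)

/*
 * Fill a record with constructed sample values, then set the name with
 * strncpy(..., n). The copy runs on a byte image of the struct so that an
 * n larger than the name field stays inside one object and the padding
 * can be observed without undefined behaviour.
 */
static struct std_model fill(const char *name, size_t n)
{
    struct std_model s = { .index = 0, .frameperiod = { 1001, 30000 },
                           .framelines = 525 };
    unsigned char img[sizeof s];

    memcpy(img, &s, sizeof s);
    /* strncpy() writes exactly n bytes: the string, then zero padding. */
    strncpy((char *)img + offsetof(struct std_model, name), name, n);
    memcpy(&s, img, sizeof s);
    return s;
}

static void show(const char *label, struct std_model s)
{
    printf("%-24s name=%s frameperiod=%u/%u framelines=%u\n", label, s.name,
           (unsigned)s.frameperiod.numerator,
           (unsigned)s.frameperiod.denominator, (unsigned)s.framelines);
}

int main(void)
{
    show("strncpy(.., 32):", fill("NTSC", 32));           /* fraction zeroed */
    show("strncpy(.., sizeof name):", fill("NTSC", NAME_LEN)); /* intact */
    return 0;
}
```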