From: Arnd Bergmann <[email protected]>
The way that bpmp_populate_debugfs_inband() uses strncpy()
and strncat() makes no sense since the size argument for
the first is insufficient to contain the trailing '/'
and the second passes the length of the input rather than
the output, which triggers a warning:
In function 'strncat',
inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
289 | #define __underlying_strncat __builtin_strncat
| ^
include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
367 | return __underlying_strncat(p, q, count);
| ^~~~~~~~~~~~~~~~~~~~
drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
include/linux/string.h:288:29: note: length computed here
288 | #define __underlying_strlen __builtin_strlen
| ^
include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
321 | return __underlying_strlen(p);
Simplify this to use an snprintf() instead.
Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
Signed-off-by: Arnd Bergmann <[email protected]>
---
v2: Use the correct arguments for snprintf(), as pointed out by Arvind Sankar
---
drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
index c1bbba9ee93a..440d99c63638 100644
--- a/drivers/firmware/tegra/bpmp-debugfs.c
+++ b/drivers/firmware/tegra/bpmp-debugfs.c
@@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
goto out;
}
- len = strlen(ppath) + strlen(name) + 1;
+ len = snprintf(pathbuf, pathlen, "%s%s/", ppath, name);
if (len >= pathlen) {
err = -EINVAL;
goto out;
}
- strncpy(pathbuf, ppath, pathlen);
- strncat(pathbuf, name, strlen(name));
- strcat(pathbuf, "/");
-
err = bpmp_populate_debugfs_inband(bpmp, dentry,
pathbuf);
if (err < 0)
--
2.27.0
On 26/10/2020 16:49, Arnd Bergmann wrote:
> From: Arnd Bergmann <[email protected]>
>
> The way that bpmp_populate_debugfs_inband() uses strncpy()
> and strncat() makes no sense since the size argument for
> the first is insufficient to contain the trailing '/'
I don't believe that is the case, because there is a +1 for trailing '/'
and the if statement is checking if the len is equal to or greater than.
If it is equal then there is no room for the nul character and will
fail. So it should not overflow.
> and the second passes the length of the input rather than
> the output, which triggers a warning:
>
> In function 'strncat',
> inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
> include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
> 289 | #define __underlying_strncat __builtin_strncat
> | ^
> include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
> 367 | return __underlying_strncat(p, q, count);
> | ^~~~~~~~~~~~~~~~~~~~
> drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
> include/linux/string.h:288:29: note: length computed here
> 288 | #define __underlying_strlen __builtin_strlen
> | ^
> include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
> 321 | return __underlying_strlen(p);
>
> Simplify this to use an snprintf() instead.
>
> Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> v2: Use the correct arguments for snprintf(), as pointed out by Arvind Sankar
> ---
> drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
> index c1bbba9ee93a..440d99c63638 100644
> --- a/drivers/firmware/tegra/bpmp-debugfs.c
> +++ b/drivers/firmware/tegra/bpmp-debugfs.c
> @@ -412,16 +412,12 @@ static int bpmp_populate_debugfs_inband(struct tegra_bpmp *bpmp,
> goto out;
> }
>
> - len = strlen(ppath) + strlen(name) + 1;
> + len = snprintf(pathbuf, pathlen, "%s%s/", ppath, name);
> if (len >= pathlen) {
> err = -EINVAL;
> goto out;
> }
>
> - strncpy(pathbuf, ppath, pathlen);
> - strncat(pathbuf, name, strlen(name));
> - strcat(pathbuf, "/");
> -
> err = bpmp_populate_debugfs_inband(bpmp, dentry,
> pathbuf);
> if (err < 0)
>
However, this is indeed much better and so thanks for the simplification.
Acked-by: Jon Hunter <[email protected]>
Cheers
Jon
--
nvpublic
On Mon, Oct 26, 2020 at 05:49:21PM +0100, Arnd Bergmann wrote:
> From: Arnd Bergmann <[email protected]>
>
> The way that bpmp_populate_debugfs_inband() uses strncpy()
> and strncat() makes no sense since the size argument for
> the first is insufficient to contain the trailing '/'
> and the second passes the length of the input rather than
> the output, which triggers a warning:
>
> In function 'strncat',
> inlined from 'bpmp_populate_debugfs_inband' at ../drivers/firmware/tegra/bpmp-debugfs.c:422:4:
> include/linux/string.h:289:30: warning: '__builtin_strncat' specified bound depends on the length of the source argument [-Wstringop-overflow=]
> 289 | #define __underlying_strncat __builtin_strncat
> | ^
> include/linux/string.h:367:10: note: in expansion of macro '__underlying_strncat'
> 367 | return __underlying_strncat(p, q, count);
> | ^~~~~~~~~~~~~~~~~~~~
> drivers/firmware/tegra/bpmp-debugfs.c: In function 'bpmp_populate_debugfs_inband':
> include/linux/string.h:288:29: note: length computed here
> 288 | #define __underlying_strlen __builtin_strlen
> | ^
> include/linux/string.h:321:10: note: in expansion of macro '__underlying_strlen'
> 321 | return __underlying_strlen(p);
>
> Simplify this to use an snprintf() instead.
>
> Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
> Signed-off-by: Arnd Bergmann <[email protected]>
> ---
> v2: Use the correct arguments for snprintf(), as pointed out by Arvind Sankar
> ---
> drivers/firmware/tegra/bpmp-debugfs.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
Applied, thanks.
Thierry