[dpdk-dev,v4,07/18] net/nfp/nfpcore: off-by-one and no NUL on strncpy use
Checks
Commit Message
/home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from
a string of length 8 [-Werror=stringop-truncation]
strncpy(name_pad, res->name, sizeof(name_pad));
Signed-off-by: Andy Green <andy@warmcat.com>
---
drivers/net/nfp/nfpcore/nfp_resource.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Andy Green
> Sent: Friday, May 11, 2018 2:46 AM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH v4 07/18] net/nfp/nfpcore: off-by-one and no NUL
> on strncpy use
>
> /home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
> 76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from a string of
> length 8 [-Werror=stringop-truncation]
> strncpy(name_pad, res->name, sizeof(name_pad));
>
> Signed-off-by: Andy Green <andy@warmcat.com>
> ---
> drivers/net/nfp/nfpcore/nfp_resource.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/nfp/nfpcore/nfp_resource.c
> b/drivers/net/nfp/nfpcore/nfp_resource.c
> index e1df2b2e1..dd41fa4de 100644
> --- a/drivers/net/nfp/nfpcore/nfp_resource.c
> +++ b/drivers/net/nfp/nfpcore/nfp_resource.c
...
> - memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
> - strncpy(name_pad, res->name, sizeof(name_pad));
> + memset(name_pad, 0, sizeof(name_pad));
> + strlcpy(name_pad, res->name, sizeof(name_pad));
I think memset is not required, as strlcpy already null terminate the buffer.
...
Missing fixes line.
Fixes: c7e9729da6b5 ("net/nfp: support CPP")
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
On 05/11/2018 06:33 PM, De Lara Guarch, Pablo wrote:
>
>
>> -----Original Message-----
>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Andy Green
>> Sent: Friday, May 11, 2018 2:46 AM
>> To: dev@dpdk.org
>> Subject: [dpdk-dev] [PATCH v4 07/18] net/nfp/nfpcore: off-by-one and no NUL
>> on strncpy use
>>
>> /home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
>> 76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from a string of
>> length 8 [-Werror=stringop-truncation]
>> strncpy(name_pad, res->name, sizeof(name_pad));
>>
>> Signed-off-by: Andy Green <andy@warmcat.com>
>> ---
>> drivers/net/nfp/nfpcore/nfp_resource.c | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/net/nfp/nfpcore/nfp_resource.c
>> b/drivers/net/nfp/nfpcore/nfp_resource.c
>> index e1df2b2e1..dd41fa4de 100644
>> --- a/drivers/net/nfp/nfpcore/nfp_resource.c
>> +++ b/drivers/net/nfp/nfpcore/nfp_resource.c
>
> ...
>
>> - memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
>> - strncpy(name_pad, res->name, sizeof(name_pad));
>> + memset(name_pad, 0, sizeof(name_pad));
>> + strlcpy(name_pad, res->name, sizeof(name_pad));
>
> I think memset is not required, as strlcpy already null terminate the buffer.
It seems required to keep it, because of the exciting code just below it:
/* Search for a matching entry */
if (!memcmp(name_pad, NFP_RESOURCE_TBL_NAME "\0\0\0\0\0\0\0\0",
8)) {
printf("Grabbing device lock not supported\n");
return -EOPNOTSUPP;
}
-Andy
> ...
>
> Missing fixes line.
>
> Fixes: c7e9729da6b5 ("net/nfp: support CPP")
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
>
@@ -7,6 +7,8 @@
#include <time.h>
#include <endian.h>
+#include <rte_string_fns.h>
+
#include "nfp_cpp.h"
#include "nfp6000/nfp6000.h"
#include "nfp_resource.h"
@@ -65,22 +67,22 @@ struct nfp_resource {
static int
nfp_cpp_resource_find(struct nfp_cpp *cpp, struct nfp_resource *res)
{
- char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ] = {};
+ char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ + 2];
struct nfp_resource_entry entry;
uint32_t cpp_id, key;
int ret, i;
cpp_id = NFP_CPP_ID(NFP_RESOURCE_TBL_TARGET, 3, 0); /* Atomic read */
- memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
- strncpy(name_pad, res->name, sizeof(name_pad));
+ memset(name_pad, 0, sizeof(name_pad));
+ strlcpy(name_pad, res->name, sizeof(name_pad));
/* Search for a matching entry */
if (!memcmp(name_pad, NFP_RESOURCE_TBL_NAME "\0\0\0\0\0\0\0\0", 8)) {
printf("Grabbing device lock not supported\n");
return -EOPNOTSUPP;
}
- key = nfp_crc32_posix(name_pad, sizeof(name_pad));
+ key = nfp_crc32_posix(name_pad, NFP_RESOURCE_ENTRY_NAME_SZ);
for (i = 0; i < NFP_RESOURCE_TBL_ENTRIES; i++) {
uint64_t addr = NFP_RESOURCE_TBL_BASE +