[dpdk-dev,v2,06/18] drivers/net/nfp/nfpcore: fix off-by-one and no NUL on strncpy use
Checks
Commit Message
/home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from
a string of length 8 [-Werror=stringop-truncation]
strncpy(name_pad, res->name, sizeof(name_pad));
Signed-off-by: Andy Green <andy@warmcat.com>
---
drivers/net/nfp/nfpcore/nfp_resource.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
Comments
On Wed, May 9, 2018 at 2:31 AM, Andy Green <andy@warmcat.com> wrote:
> /home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
> 76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from
> a string of length 8 [-Werror=stringop-truncation]
> strncpy(name_pad, res->name, sizeof(name_pad));
>
> Signed-off-by: Andy Green <andy@warmcat.com>
> ---
> drivers/net/nfp/nfpcore/nfp_resource.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/nfp/nfpcore/nfp_resource.c
> b/drivers/net/nfp/nfpcore/nfp_resource.c
> index e1df2b2e1..a165b93df 100644
> --- a/drivers/net/nfp/nfpcore/nfp_resource.c
> +++ b/drivers/net/nfp/nfpcore/nfp_resource.c
> @@ -7,6 +7,8 @@
> #include <time.h>
> #include <endian.h>
>
> +#include <rte_string_fns.h>
> +
> #include "nfp_cpp.h"
> #include "nfp6000/nfp6000.h"
> #include "nfp_resource.h"
> @@ -65,15 +67,15 @@ struct nfp_resource {
> static int
> nfp_cpp_resource_find(struct nfp_cpp *cpp, struct nfp_resource *res)
> {
> - char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ] = {};
> + char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ + 2];
> struct nfp_resource_entry entry;
> uint32_t cpp_id, key;
> int ret, i;
>
> cpp_id = NFP_CPP_ID(NFP_RESOURCE_TBL_TARGET, 3, 0); /* Atomic
> read */
>
> - memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
> - strncpy(name_pad, res->name, sizeof(name_pad));
> + memset(name_pad, 0, sizeof(name_pad));
> + strlcpy(name_pad, res->name, sizeof(name_pad));
>
> /* Search for a matching entry */
> if (!memcmp(name_pad, NFP_RESOURCE_TBL_NAME "\0\0\0\0\0\0\0\0",
> 8)) {
>
>
I'm afraid this patch is breaking the PMD NFP initialization. It is due to
how the name pad is used for getting a key which is compared against a key
generated by the firmware.
Because the name_pad size change, this next change is also required:
- key = nfp_crc32_posix(name_pad, sizeof(name_pad));
+ key = nfp_crc32_posix(name_pad, NFP_RESOURCE_ENTRY_NAME_SZ);
@@ -7,6 +7,8 @@
#include <time.h>
#include <endian.h>
+#include <rte_string_fns.h>
+
#include "nfp_cpp.h"
#include "nfp6000/nfp6000.h"
#include "nfp_resource.h"
@@ -65,15 +67,15 @@ struct nfp_resource {
static int
nfp_cpp_resource_find(struct nfp_cpp *cpp, struct nfp_resource *res)
{
- char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ] = {};
+ char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ + 2];
struct nfp_resource_entry entry;
uint32_t cpp_id, key;
int ret, i;
cpp_id = NFP_CPP_ID(NFP_RESOURCE_TBL_TARGET, 3, 0); /* Atomic read */
- memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
- strncpy(name_pad, res->name, sizeof(name_pad));
+ memset(name_pad, 0, sizeof(name_pad));
+ strlcpy(name_pad, res->name, sizeof(name_pad));
/* Search for a matching entry */
if (!memcmp(name_pad, NFP_RESOURCE_TBL_NAME "\0\0\0\0\0\0\0\0", 8)) {