[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-trivial] [PATCH for 2.10 31/35] syscall: replace strcpy() by g_str
From: |
Philippe Mathieu-Daudé |
Subject: |
[Qemu-trivial] [PATCH for 2.10 31/35] syscall: replace strcpy() by g_strlcpy() |
Date: |
Mon, 24 Jul 2017 15:27:47 -0300 |
linux-user/syscall.c:9860:17: warning: Call to function 'strcpy' is insecure as
it does not provide bounding of the memory buffer. Replace unbounded copy
functions with analogous functions that support length arguments such as
'strlcpy'. CWE-119
strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
^~~~~~
Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
---
linux-user/syscall.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 963b9c8f4b..847f729834 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9853,7 +9853,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
if (!is_error(ret)) {
/* Overwrite the native machine name with whatever is being
emulated. */
- strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
+ g_strlcpy(buf->machine, cpu_to_uname_machine(cpu_env),
+ sizeof(buf->machine));
/* Allow the user to override the reported release. */
if (qemu_uname_release && *qemu_uname_release) {
g_strlcpy(buf->release, qemu_uname_release,
--
2.13.3
- Re: [Qemu-trivial] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer, (continued)
- [Qemu-trivial] [PATCH for 2.10 26/35] linux-user: use is_error() to avoid warnings and make the code clearer, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-trivial] [PATCH for 2.10 29/35] syscall: fix out-of-bound memory access, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-trivial] [PATCH for 2.10 30/35] syscall: fix use of uninitialized values, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-trivial] [PATCH for 2.10 31/35] syscall: replace strcpy() by g_strlcpy(),
Philippe Mathieu-Daudé <=
- [Qemu-trivial] [PATCH for 2.10 32/35] timer/pxa2xx: silent warning about out-of-bound memory access, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-trivial] [RFC PATCH for 2.10 35/35] script to run docker image, Philippe Mathieu-Daudé, 2017/07/24
Re: [Qemu-trivial] [PATCH for 2.10 00/35] fix bugs reported by Clang Static Analyzer, Peter Maydell, 2017/07/24