Commit 5ef76cb7 authored by Mauro Carvalho Chehab Committed by Mauro Carvalho Chehab

media: siano: be sure to not override devpath size

Right now, in the siano driver, every place where devpath is
defined has sizeof(devpath) == 32. So, there's no practical
risk of going past the devpath array anywhere.

Still, code changes might cause troubles. It also confuses
Coverity:
	CID 139059 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
	9. fixed_size_dest: You might overrun the 32-character
	   fixed-size string entry->devpath by copying devpath
	   without checking the length.
	10. parameter_as_source: Note: This defect has an
	    elevated risk because the source argument
	    is a parameter of the current function.

So, explicitly limit strcmp() and strcpy() to ensure that the
devpath size (32) will be respected.
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
parent e1b7f11b
...@@ -415,8 +415,8 @@ EXPORT_SYMBOL_GPL(smscore_get_board_id); ...@@ -415,8 +415,8 @@ EXPORT_SYMBOL_GPL(smscore_get_board_id);
struct smscore_registry_entry_t { struct smscore_registry_entry_t {
struct list_head entry; struct list_head entry;
char devpath[32]; char devpath[32];
int mode; int mode;
enum sms_device_type_st type; enum sms_device_type_st type;
}; };
...@@ -442,7 +442,7 @@ static struct smscore_registry_entry_t *smscore_find_registry(char *devpath) ...@@ -442,7 +442,7 @@ static struct smscore_registry_entry_t *smscore_find_registry(char *devpath)
next != &g_smscore_registry; next != &g_smscore_registry;
next = next->next) { next = next->next) {
entry = (struct smscore_registry_entry_t *) next; entry = (struct smscore_registry_entry_t *) next;
if (!strcmp(entry->devpath, devpath)) { if (!strncmp(entry->devpath, devpath, sizeof(entry->devpath))) {
kmutex_unlock(&g_smscore_registrylock); kmutex_unlock(&g_smscore_registrylock);
return entry; return entry;
} }
...@@ -450,7 +450,7 @@ static struct smscore_registry_entry_t *smscore_find_registry(char *devpath) ...@@ -450,7 +450,7 @@ static struct smscore_registry_entry_t *smscore_find_registry(char *devpath)
entry = kmalloc(sizeof(*entry), GFP_KERNEL); entry = kmalloc(sizeof(*entry), GFP_KERNEL);
if (entry) { if (entry) {
entry->mode = default_mode; entry->mode = default_mode;
strcpy(entry->devpath, devpath); strlcpy(entry->devpath, devpath, sizeof(entry->devpath));
list_add(&entry->entry, &g_smscore_registry); list_add(&entry->entry, &g_smscore_registry);
} else } else
pr_err("failed to create smscore_registry.\n"); pr_err("failed to create smscore_registry.\n");
...@@ -733,7 +733,7 @@ int smscore_register_device(struct smsdevice_params_t *params, ...@@ -733,7 +733,7 @@ int smscore_register_device(struct smsdevice_params_t *params,
dev->postload_handler = params->postload_handler; dev->postload_handler = params->postload_handler;
dev->device_flags = params->flags; dev->device_flags = params->flags;
strcpy(dev->devpath, params->devpath); strlcpy(dev->devpath, params->devpath, sizeof(dev->devpath));
smscore_registry_settype(dev->devpath, params->device_type); smscore_registry_settype(dev->devpath, params->device_type);
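Review bot: The new `strlcpy(entry->devpath, devpath, sizeof(entry->devpath))` in smscore_find_registry truncates silently, and its return value is ignored; the same holds for the `strlcpy(dev->devpath, params->devpath, sizeof(dev->devpath))` call in smscore_register_device. If a devpath of 32 or more characters ever reached this code, the stored entry would end in a NUL at index 31, so the new `strncmp(entry->devpath, devpath, sizeof(entry->devpath))` could never match it and each lookup would seem to add another registry entry. The commit message says every devpath buffer is 32 bytes today, so this looks like a latent problem rather than a reachable one. Checking the copy would make it explicit, e.g. `if (strscpy(entry->devpath, devpath, sizeof(entry->devpath)) < 0)` followed by freeing the entry and reporting the error; strscpy() also avoids strlcpy()'s strlen() over the whole source, which would over-read an unterminated string. Both function bodies extend beyond the hunks shown, so the cleanup path would need to be checked against the full source.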
......