From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 97F522BA8 for ; Wed, 29 Jun 2016 11:06:00 +0200 (CEST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga102.fm.intel.com with ESMTP; 29 Jun 2016 02:06:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,545,1459839600"; d="scan'208";a="837224887" Received: from dpdk06.sh.intel.com ([10.239.128.225]) by orsmga003.jf.intel.com with ESMTP; 29 Jun 2016 02:06:00 -0700 From: Jianfeng Tan To: dev@dpdk.org Cc: yuanhan.liu@linux.intel.com, huawei.xie@intel.com, john.mcnamara@intel.com, Jianfeng Tan Date: Wed, 29 Jun 2016 09:05:34 +0000 Message-Id: <1467191137-65087-3-git-send-email-jianfeng.tan@intel.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1467191137-65087-1-git-send-email-jianfeng.tan@intel.com> References: <1467191137-65087-1-git-send-email-jianfeng.tan@intel.com> Subject: [dpdk-dev] [PATCH 2/4] net/virtio-user: fix string overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 09:06:01 -0000 When parsing /proc/self/maps to get hugepage information, the string was being copied with strcpy(), which could, theoretically but in fact not possiblly, overflow the destination buffer. Anyway, to avoid the false alarm, we replaced strncpy with snprintf for safely copying the strings. Coverity issue: 127484 Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer") Signed-off-by: Jianfeng Tan --- drivers/net/virtio/virtio_user/vhost_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/virtio/virtio_user/vhost_user.c b/drivers/net/virtio/virtio_user/vhost_user.c index a159ece..082e821 100644 --- a/drivers/net/virtio/virtio_user/vhost_user.c +++ b/drivers/net/virtio/virtio_user/vhost_user.c @@ -181,7 +181,7 @@ get_hugepage_file_info(struct hugepage_file_info huges[], int max) } huges[idx].addr = v_start; huges[idx].size = v_end - v_start; - strcpy(huges[idx].path, tmp); + snprintf(huges[idx].path, PATH_MAX, "%s", tmp); idx++; } -- 2.1.4