| Message ID | 20180328140920.2842153-1-arnd@arndb.de |
|---|---|
| State | Superseded |
| Headers | show |
| Series | tracing: avoid string overflow | expand |
Hi Arnd, On Wed, 2018-03-28 at 16:09 +0200, Arnd Bergmann wrote: > 'err' is used as a NUL-terminated string, but using strncpy() with the length > equal to the buffer size may result in lack of the termination: > > kernel/trace/trace_events_hist.c: In function 'hist_err_event': > kernel/trace/trace_events_hist.c:396:3: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation] > strncpy(err, var, MAX_FILTER_STR_VAL); > > This changes it to use the safer strscpy() instead. > > Fixes: f404da6e1d46 ("tracing: Add 'last error' error facility for hist triggers") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > kernel/trace/trace_events_hist.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c > index 4f027642ceef..8357f36d7a1e 100644 > --- a/kernel/trace/trace_events_hist.c > +++ b/kernel/trace/trace_events_hist.c > @@ -393,7 +393,7 @@ static void hist_err_event(char *str, char *system, char *event, char *var) > else if (system) > snprintf(err, MAX_FILTER_STR_VAL, "%s.%s", system, event); > else > - strncpy(err, var, MAX_FILTER_STR_VAL); > + strscpy(err, var, MAX_FILTER_STR_VAL); > > hist_err(str, err); > } Yes, thanks for finding this, and for the patch! Acked-by: Tom Zanussi <tom.zanussi@linux.intel.com>
On Wed, 28 Mar 2018 16:09:10 +0200 Arnd Bergmann <arnd@arndb.de> wrote: > 'err' is used as a NUL-terminated string, but using strncpy() with the length > equal to the buffer size may result in lack of the termination: > > kernel/trace/trace_events_hist.c: In function 'hist_err_event': > kernel/trace/trace_events_hist.c:396:3: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation] > strncpy(err, var, MAX_FILTER_STR_VAL); > > This changes it to use the safer strscpy() instead. > > Fixes: f404da6e1d46 ("tracing: Add 'last error' error facility for hist triggers") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> Thanks! I pulled this in and will push it to git after testing has succeeded. -- Steve > --- > kernel/trace/trace_events_hist.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c > index 4f027642ceef..8357f36d7a1e 100644 > --- a/kernel/trace/trace_events_hist.c > +++ b/kernel/trace/trace_events_hist.c > @@ -393,7 +393,7 @@ static void hist_err_event(char *str, char *system, char *event, char *var) > else if (system) > snprintf(err, MAX_FILTER_STR_VAL, "%s.%s", system, event); > else > - strncpy(err, var, MAX_FILTER_STR_VAL); > + strscpy(err, var, MAX_FILTER_STR_VAL); > > hist_err(str, err); > }
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 4f027642ceef..8357f36d7a1e 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -393,7 +393,7 @@ static void hist_err_event(char *str, char *system, char *event, char *var) else if (system) snprintf(err, MAX_FILTER_STR_VAL, "%s.%s", system, event); else - strncpy(err, var, MAX_FILTER_STR_VAL); + strscpy(err, var, MAX_FILTER_STR_VAL); hist_err(str, err); }
'err' is used as a NUL-terminated string, but using strncpy() with the length equal to the buffer size may result in lack of the termination: kernel/trace/trace_events_hist.c: In function 'hist_err_event': kernel/trace/trace_events_hist.c:396:3: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation] strncpy(err, var, MAX_FILTER_STR_VAL); This changes it to use the safer strscpy() instead. Fixes: f404da6e1d46 ("tracing: Add 'last error' error facility for hist triggers") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- kernel/trace/trace_events_hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.9.0