From patchwork Mon Jun 4 15:19:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Laurent Vivier X-Patchwork-Id: 925087 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=vivier.eu Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40zzHp1CVBz9s0w for ; Tue, 5 Jun 2018 01:24:21 +1000 (AEST) Received: from localhost ([::1]:40351 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fPrLH-0004tE-7U for incoming@patchwork.ozlabs.org; Mon, 04 Jun 2018 11:24:19 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38998) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fPrHp-0002AD-Qs for qemu-devel@nongnu.org; Mon, 04 Jun 2018 11:20:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fPrHo-0005yc-OA for qemu-devel@nongnu.org; Mon, 04 Jun 2018 11:20:45 -0400 Received: from mout.kundenserver.de ([212.227.126.134]:48495) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fPrHo-0005xh-Dl for qemu-devel@nongnu.org; Mon, 04 Jun 2018 11:20:44 -0400 Received: from localhost.localdomain ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue007 [212.227.15.167]) with ESMTPSA (Nemesis) id 0MPvMs-1fLzf22dxy-0052rd; Mon, 04 Jun 2018 17:20:30 +0200 From: Laurent Vivier To: qemu-devel@nongnu.org Date: Mon, 4 Jun 2018 17:19:59 +0200 Message-Id: <20180604152015.13359-2-laurent@vivier.eu> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180604152015.13359-1-laurent@vivier.eu> References: <20180604152015.13359-1-laurent@vivier.eu> MIME-Version: 1.0 X-Provags-ID: V03:K1:Ffhcx4cdEOU53BxjWkNclSsjalmFBLLH41k76H9XrS1vhW4RbSw dPG+n1lI6s8VLQeciVyazjEbLv1/RInbXTvZucuCaZOUNDJqoYBwQTPpj5i+Cfrt+SBzTwp zHyt+c6Yg2jfzDNGFmGGf7GAZSGJ/JPUwEx7BYAUpkUxCAzWcTkYahy23pvgZQXETrXCkF2 lyL12gnDBCYIaKJHslJdQ== X-UI-Out-Filterresults: notjunk:1; V01:K0:Ozvu5uNr6so=:Vk2I5yCFXXVDOeRf0CAW2U afRLt23Illtx7RL8VUqdBuSFz6Bj3VbiqrMP7ItLGvlL9pTdfNWuO4+tisDVee1hc+DSt8RqA 0lJmDxfdnwxg6j0JHahJZMJzJMw3sXgZuy0rcDfhv5eI8UmHfQD91xiCgVpelYQH/TPFcQwcY k/OEa9ehSTvJoXSogcXAGYyKR41Abppa4hcbIr/faVQkB4M3T58yfKuCn61al/XkwK+2IAGai XlmvLkuLW8GG1YfST+wN8JIiVgVZUuMQdlUrOn0md+/RTRLeQGSsagVa2nrxmINIfa8rDoigL hB0GsPdFoVpUznpPAwjJqzNiZOGiGWk2X6zDHNk1wIdx2a7uj7+7f3WJZ8Or6WHOGzb90ExHW 4Ddd3flPjOdZ4Z4UaSGQKTnFbO28jKsESAfo85F90uQe0EoRX9eRhGcYEGF6bsBafviVg20w/ 4ybVC/QZt8b5EqkarIX1O4SPIShOkdIravCAigA+iKLp6hEUU2FssoujO/jmOiu5JFYWEwIw4 ugT9OTYBrgi9LN0fJmZT2oDLyFh1excIojoJeODw1Bqx0BN3CM9HHPUHNvUScObXeH0eM7Dwj WuL9f8RjiyygdfzAwwDkftSCZCS9ndtbFpzzx0nih7dfy4nEkdEkfu4aVEY+D5JlgwNUk4wTe LLAdqsnhfobLNodKRxgLSuFyv+D1bJcMyr0s0NrKr/4r4Mc9skYdKNc2RVK3MQpw3vTEibNla pLw01zLR8E59Ugsy X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 212.227.126.134 Subject: [Qemu-devel] [PULL 01/17] syscall: replace strcpy() by g_strlcpy() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Riku Voipio , Mark Cave-Ayland , Laurent Vivier , Artyom Tarasenko , =?utf-8?q?Philippe_Mathieu-Da?= =?utf-8?q?ud=C3=A9?= Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Philippe Mathieu-Daudé linux-user/syscall.c:9860:17: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy (buf->machine, cpu_to_uname_machine(cpu_env)); ^~~~~~ Reported-by: Clang Static Analyzer Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Laurent Vivier Message-Id: <20170724182751.18261-32-f4bug@amsat.org> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d02c16bbc6..7b9ac3b408 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10156,7 +10156,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, if (!is_error(ret)) { /* Overwrite the native machine name with whatever is being emulated. */ - strcpy (buf->machine, cpu_to_uname_machine(cpu_env)); + g_strlcpy(buf->machine, cpu_to_uname_machine(cpu_env), + sizeof(buf->machine)); /* Allow the user to override the reported release. */ if (qemu_uname_release && *qemu_uname_release) { g_strlcpy(buf->release, qemu_uname_release,