On 05/21/2013 07:47 PM, Mauro Carvalho Chehab wrote:
> Em Tue, 07 May 2013 20:11:08 +0800
> Chen Gang <gang.chen@xxxxxxxxxxx> escreveu:
>
>> >
>> > For NUL terminated string, need always let it ended by zero.
>> >
>> > The 'name' may be copied to user mode ('dvb_fe->ops.info' is 'struct
>> > dvb_frontend_info' which is defined in ./include/uapi/...), and its
>> > length is also known within as102_dvb_register_fe(), so need fully
>> > initialize it (not use strlcpy instead of strncpy).
>> >
>> >
>> > Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>
>> > ---
>> > drivers/staging/media/as102/as102_fe.c | 1 +
>> > 1 files changed, 1 insertions(+), 0 deletions(-)
>> >
>> > diff --git a/drivers/staging/media/as102/as102_fe.c b/drivers/staging/media/as102/as102_fe.c
>> > index 9ce8c9d..b3efec9 100644
>> > --- a/drivers/staging/media/as102/as102_fe.c
>> > +++ b/drivers/staging/media/as102/as102_fe.c
>> > @@ -334,6 +334,7 @@ int as102_dvb_register_fe(struct as102_dev_t *as102_dev,
>> > memcpy(&dvb_fe->ops, &as102_fe_ops, sizeof(struct dvb_frontend_ops));
>> > strncpy(dvb_fe->ops.info.name, as102_dev->name,
>> > sizeof(dvb_fe->ops.info.name));
>> > + dvb_fe->ops.info.name[sizeof(dvb_fe->ops.info.name) - 1] = '\0';
> Instead, the better would be to use strlcpy(), as it warrants that the
> copied string will be nul-terminated.
Within this function, we know 'dvb_fe->ops.info' my copy to user mode
(the structure is defined in ./include/uapi/...), and we also known the
full length of the buffer, so better still use strncpy to give a full
initialized, and still be sure of the nul-terminated.
Thanks.
--
Chen Gang
Asianux Corporation
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
