Hello Maintainers:
Please help check it when you have time.
Thanks.
On 05/21/2013 07:53 PM, Chen Gang wrote:
> On 05/21/2013 07:47 PM, Mauro Carvalho Chehab wrote:
>> Em Tue, 07 May 2013 20:11:08 +0800
>> Chen Gang <gang.chen@xxxxxxxxxxx> escreveu:
>>
>>>>
>>>> For NUL terminated string, need always let it ended by zero.
>>>>
>>>> The 'name' may be copied to user mode ('dvb_fe->ops.info' is 'struct
>>>> dvb_frontend_info' which is defined in ./include/uapi/...), and its
>>>> length is also known within as102_dvb_register_fe(), so need fully
>>>> initialize it (not use strlcpy instead of strncpy).
>>>>
>>>>
>>>> Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>
>>>> ---
>>>> drivers/staging/media/as102/as102_fe.c | 1 +
>>>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/drivers/staging/media/as102/as102_fe.c b/drivers/staging/media/as102/as102_fe.c
>>>> index 9ce8c9d..b3efec9 100644
>>>> --- a/drivers/staging/media/as102/as102_fe.c
>>>> +++ b/drivers/staging/media/as102/as102_fe.c
>>>> @@ -334,6 +334,7 @@ int as102_dvb_register_fe(struct as102_dev_t *as102_dev,
>>>> memcpy(&dvb_fe->ops, &as102_fe_ops, sizeof(struct dvb_frontend_ops));
>>>> strncpy(dvb_fe->ops.info.name, as102_dev->name,
>>>> sizeof(dvb_fe->ops.info.name));
>>>> + dvb_fe->ops.info.name[sizeof(dvb_fe->ops.info.name) - 1] = '\0';
>> Instead, the better would be to use strlcpy(), as it warrants that the
>> copied string will be nul-terminated.
>
> Within this function, we know 'dvb_fe->ops.info' my copy to user mode
> (the structure is defined in ./include/uapi/...), and we also known the
> full length of the buffer, so better still use strncpy to give a full
> initialized, and still be sure of the nul-terminated.
>
>
> Thanks.
>
--
Chen Gang
Asianux Corporation
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
