On Mon, Mar 22, 2010 at 05:04:55PM +0100, Takashi Iwai wrote:
> At Mon, 22 Mar 2010 08:43:47 -0700,
> Joe Perches wrote:
> >
> > On Mon, 2010-03-22 at 18:39 +0300, Dan Carpenter wrote:
> > > card->driver is 15 characters and a NULL, the original code could
> > > cause a buffer overflow.
> >
> > > In version 2, I used a better name that Takashi Iwai suggested.
> >
> > Perhaps it's better to use strncpy as well.
>
> strlcpy() would be safer :)
>
> But, in such a case, we want rather that the error is notified at
> build time.
>
> Maybe a macro like below would be helpful to catch such bugs?
>
> #define COPY_STRING(buf, src) \
> do { \
> if (__builtin_constant_p(src)) \
> BUILD_BUG_ON(strlen(src) >= sizeof(buf)); \
> strcpy(buf, src); \
> } while (0)
>
> and used like:
>
> struct foo {
> char foo[5];
> } x;
>
> COPY_STRING(x.foo, "OK"); // OK
> COPY_STRING(x.foo, "1234567890"); // NG
>
I can do the same thing with Smatch. The smatch check can also find
bugs like this:
buf = kmalloc(10, GFP_KERNEL);
strcpy(buf, "1234567890");
I used smatch to find this bug and 5 others on my allmodconfig w/ staging.
I also found 19 other places that use strcpy() to copy from a large buffer
into a smaller buffer.
Your idea is nice, but I think anyone who deliberately uses the new
macro is not going to have the bug in the first place. ;)
regards,
dan carpenter
>
> Takashi
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
