Hi Ajay,

thanks for your review.

On Mon, 2021-11-15 at 12:39 +0530, Ajay Garg wrote:
> Hi Bean.
>
> > - strncpy(lbuf,
> > (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8);
> > + memcpy(lbuf,
> > (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8);
> > + lbuf[8] = '\0';
>
> Above copies exactly 8 bytes, without any regard to the sizes of
> destination-buffer (lbuf) or source-buffer (ext_csd). Thus, there are
> high chances of overflow/underflow/out-of-bounds.
>

I don't understand how the above memcpy() can overflow/underflow/go
out of bounds. Would you please provide a more specific reason?

memcpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8);

Here lbuf is a char array, lbuf[10], and ext_csd is a __u8 array,
__u8 ext_csd[512].

> If ext_csd contains, say a string 5 characters long, you would want to
> copy 6 characters (5 for length, 1 for null-terminator).
>
> I guess you are trying to copy as-many-bytes as possible to lbuf,
> including the null-character.
> Thus, strlcpy/strscpy should be used here.
>
> Something like :
>
> strlcpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION],
> sizeof(lbuf));
> or
> strscpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION],
> sizeof(lbuf));
>
> Note that you do not need to worry about putting the null-terminator.
> strlcpy/strscpy already take care of that for you.
>

Yes, but please remember that mmc-utils is mainly used on embedded
platforms, which are not easy to update to the latest libraries that
support these two APIs (strlcpy needs libbsd-dev, and strscpy needs
something else). If we use strlcpy or strscpy, mmc-utils will not be
portable.

Do you know any other API that can be used to make the code more
portable and simpler?

Kind regards,
Bean

>
> Thanks and Regards,
> Ajay
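Review bot: in the added memcpy() and lbuf[8] = '\0' lines the length 8 is a bare literal used twice, and nothing in the hunk ties it to the size of lbuf, so the write at index 8 is only in bounds while lbuf has at least 9 elements. Suggest a named constant for the field width, a compile-time check that sizeof(lbuf) is larger than that constant, and dropping the (char*) cast, which memcpy() does not need.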
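An added example, not code from mmc-utils or from either poster: one portable way to answer the question above, using only ISO C memchr() and memcpy() to turn a fixed-width field that may lack a NUL terminator into a C string bounded by both the field width and the destination size. The helper name copy_fixed_field, the FIELD_LEN constant and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8 /* assumed width of the fixed-size source field */

/*
 * Copy a fixed-width field that may not be NUL-terminated into dst as a
 * C string. Reads at most field_len bytes from src and writes at most
 * dst_size bytes to dst, always terminating dst.
 * Returns the number of characters stored (terminator excluded), or
 * (size_t)-1 when the arguments are unusable.
 */
size_t copy_fixed_field(char *dst, size_t dst_size,
                        const unsigned char *src, size_t field_len)
{
    const unsigned char *nul;
    size_t n;

    if (dst == NULL || src == NULL || dst_size == 0)
        return (size_t)-1;

    /* Leave room for the terminator: truncate instead of overflowing. */
    n = field_len < dst_size - 1 ? field_len : dst_size - 1;

    /* A short value padded with NULs ends at the first NUL in the field. */
    nul = memchr(src, '\0', n);
    if (nul != NULL)
        n = (size_t)(nul - src);

    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed record: an 8-byte field directly followed by other data. */
    unsigned char rec[] = "ABCDEFGHnextdata";
    char out[10];
    size_t n = copy_fixed_field(out, sizeof(out), rec, FIELD_LEN);

    printf("%lu %s\n", (unsigned long)n, out);
    return 0;
}
```

Unlike strlcpy(), which measures the source by reading up to its NUL, this never reads past the field, so bytes that follow the field in the same buffer cannot leak into the result.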