From: Simon Glass <sjg@chromium.org>
Date: Mon, 31 Oct 2016 16:21:09 +0000 (-0600)
Subject: image: Protect against overflow in unknown_msg()
X-Git-Tag: v2016.11~28
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ae3de0d8caf1822da076b2cc947ea89a0b560e05;p=u-boot

image: Protect against overflow in unknown_msg()

Coverity complains that this can overflow. If we later increase the size
of one of the strings in the table, it could happen.

Adjust the code to protect against this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150964)
---

diff --git a/common/image.c b/common/image.c
index 0e86c13a88..7604494a56 100644
--- a/common/image.c
+++ b/common/image.c
@@ -587,10 +587,12 @@ const table_entry_t *get_table_entry(const table_entry_t *table, int id)
 
 static const char *unknown_msg(enum ih_category category)
 {
+	static const char unknown_str[] = "Unknown ";
 	static char msg[30];
 
-	strcpy(msg, "Unknown ");
-	strcat(msg, table_info[category].desc);
+	strcpy(msg, unknown_str);
+	strncat(msg, table_info[category].desc,
+		sizeof(msg) - sizeof(unknown_str));
 
 	return msg;
 }