Patrick Georgi (pgeorgi@google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18037
-gerrit
commit 057835d47f9d247ce85c3b4ed068ccba3c86d419 Author: Patrick Georgi pgeorgi@chromium.org Date: Wed Jan 4 22:31:22 2017 +0100
libpayload: ata: check that ata_strncpy actually works correctly
Change-Id: Icc3bfb3de57f0b8cd8d708aa3f8bb3f988b4008d Signed-off-by: Patrick Georgi pgeorgi@chromium.org Found-by: Coverity Scan #1260717, #1260739, #1261099, #1261106 --- payloads/libpayload/drivers/storage/ata.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/payloads/libpayload/drivers/storage/ata.c b/payloads/libpayload/drivers/storage/ata.c index 80178c3..799df6a 100644 --- a/payloads/libpayload/drivers/storage/ata.c +++ b/payloads/libpayload/drivers/storage/ata.c @@ -28,6 +28,7 @@ */
#include <libpayload.h> +#include <assert.h> #include <stdint.h> #include <string.h> #include <stdio.h> @@ -186,6 +187,12 @@ char *ata_strncpy(char *const dest, const u16 *const src, const size_t n) { int i;
+ /* This is what the code below expects: + * a positive and even number of characters + */ + assert(n > 0); + assert(n % 2 == 0); + for (i = 0; i < (n - 1); i += 2) { dest[i] = ((const char *)src)[i + 1]; dest[i + 1] = ((const char *)src)[i];