[coreboot-gerrit] New patch to review for coreboot: libpayload: ata: check that ata_strncpy actually works correctly
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Wed Jan 4 22:35:09 CET 2017
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18037
-gerrit
commit 057835d47f9d247ce85c3b4ed068ccba3c86d419
Author: Patrick Georgi <pgeorgi at chromium.org>
Date: Wed Jan 4 22:31:22 2017 +0100
libpayload: ata: check that ata_strncpy actually works correctly
Change-Id: Icc3bfb3de57f0b8cd8d708aa3f8bb3f988b4008d
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Found-by: Coverity Scan #1260717, #1260739, #1261099, #1261106
---
payloads/libpayload/drivers/storage/ata.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/payloads/libpayload/drivers/storage/ata.c b/payloads/libpayload/drivers/storage/ata.c
index 80178c3..799df6a 100644
--- a/payloads/libpayload/drivers/storage/ata.c
+++ b/payloads/libpayload/drivers/storage/ata.c
@@ -28,6 +28,7 @@
*/
#include <libpayload.h>
+#include <assert.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>
@@ -186,6 +187,12 @@ char *ata_strncpy(char *const dest, const u16 *const src, const size_t n)
{
int i;
+ /* This is what the code below expects:
+ * a positive and even number of characters
+ */
+ assert(n > 0);
+ assert(n % 2 == 0);
+
for (i = 0; i < (n - 1); i += 2) {
dest[i] = ((const char *)src)[i + 1];
dest[i + 1] = ((const char *)src)[i];
More information about the coreboot-gerrit
mailing list