33fcedfac8
In the riscv virt machine init function, We assemble a string plic_hart_config which is a comma-separated list of N copies of the VIRT_PLIC_HART_CONFIG string. The code that does this has a misunderstanding of the strncat() length argument. If the source string is too large strncat() will write a maximum of length+1 bytes (length bytes from the source string plus a trailing NUL), but the code here assumes that it will write only length bytes at most. This isn't an actual bug because the code has correctly precalculated the amount of memory it needs to allocate so that it will never be too small (i.e. we could have used plain old strcat()), but it does mean that the code looks like it has a guard against accidental overrun when it doesn't. Rewrite the string handling here to use the glib g_strjoinv() function, which means we don't need to do careful accountancy of string lengths, and makes it clearer that what we're doing is "create a comma-separated string". Fixes: Coverity 1460752 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20210812144647.10516-1-peter.maydell@linaro.org Signed-off-by: Alistair Francis <alistair.francis@wdc.com> |
||
|---|---|---|
| .. | ||
| boot.c | ||
| Kconfig | ||
| meson.build | ||
| microchip_pfsoc.c | ||
| numa.c | ||
| opentitan.c | ||
| riscv_hart.c | ||
| shakti_c.c | ||
| sifive_e.c | ||
| sifive_u.c | ||
| spike.c | ||
| virt.c | ||