usbvideo: limit the length of string creation

Message ID	4B081D40.9030607@freemail.hu (mailing list archive)
State	Superseded, archived
Headers	Envelope-to: mchehab@infradead.org Delivery-date: Sat, 21 Nov 2009 17:03:07 +0000 Message-ID: <4B081D40.9030607@freemail.hu> Date: Sat, 21 Nov 2009 18:02:56 +0100 From: =?UTF-8?B?TsOpbWV0aCBNw6FydG9u?= <nm127@freemail.hu> User-Agent: Mozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.8.1.21) Gecko/20090402 SeaMonkey/1.1.16 MIME-Version: 1.0 To: Laurent Pinchart <laurent.pinchart@skynet.be>, V4L Mailing List <linux-media@vger.kernel.org> CC: cocci@diku.dk, LKML <linux-kernel@vger.kernel.org> Subject: [PATCH] usbvideo: limit the length of string creation Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-DCC-mail.t-online.hu-Metrics: mail01d.mail.t-online.hu 32711; Body=4 Fuz1=4 Fuz2=4 Sender: linux-media-owner@vger.kernel.org Precedence: bulk

Message ID

4B081D40.9030607@freemail.hu (mailing list archive)

State

Superseded, archived

Headers

Envelope-to: mchehab@infradead.org
Delivery-date: Sat, 21 Nov 2009 17:03:07 +0000
Message-ID: <4B081D40.9030607@freemail.hu>
Date: Sat, 21 Nov 2009 18:02:56 +0100
From: =?UTF-8?B?TsOpbWV0aCBNw6FydG9u?= <nm127@freemail.hu>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; hu-HU;
	rv:1.8.1.21) Gecko/20090402 SeaMonkey/1.1.16
MIME-Version: 1.0
To: Laurent Pinchart <laurent.pinchart@skynet.be>,
	V4L Mailing List <linux-media@vger.kernel.org>
CC: cocci@diku.dk, LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH] usbvideo: limit the length of string creation
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-DCC-mail.t-online.hu-Metrics: mail01d.mail.t-online.hu 32711; Body=4 Fuz1=4
	Fuz2=4
Sender: linux-media-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-media.vger.kernel.org>
X-Mailing-List: linux-media@vger.kernel.org

Commit Message

Németh Márton Nov. 21, 2009, 5:02 p.m. UTC

  From: Márton Németh <nm127@freemail.hu>

Use strlcat() to append a string to the previously created first part.
The strlcat() function limits the size of the string to the whole
destination buffer.

The semantic match that finds this kind of problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression dev;
expression phys;
expression str;
expression size;
@@
 	usb_make_path(dev, phys, size);
-	strncat(phys, str, size);
+	strlcat(phys, str, size);
// </smpl>

Signed-off-by: Márton Németh <nm127@freemail.hu>
---
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Laurent Pinchart Dec. 1, 2009, 11:33 a.m. UTC | #1

On Saturday 21 November 2009 18:02:56 Németh Márton wrote:
> From: Márton Németh <nm127@freemail.hu>
> 
> Use strlcat() to append a string to the previously created first part.
> The strlcat() function limits the size of the string to the whole
> destination buffer.
> 
> The semantic match that finds this kind of problem is as follows:
> (http://coccinelle.lip6.fr/)
> 
> // <smpl>
> @@
> expression dev;
> expression phys;
> expression str;
> expression size;
> @@
>  	usb_make_path(dev, phys, size);
> -	strncat(phys, str, size);
> +	strlcat(phys, str, size);
> // </smpl>
> 
> Signed-off-by: Márton Németh <nm127@freemail.hu>

Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>

diff mbox

Patch

diff -u -p a/drivers/media/video/usbvideo/konicawc.c b/drivers/media/video/usbvideo/konicawc.c
--- a/drivers/media/video/usbvideo/konicawc.c 2009-09-10 00:13:59.000000000 +0200
+++ b/drivers/media/video/usbvideo/konicawc.c 2009-11-21 17:48:52.000000000 +0100
@@ -225,7 +225,7 @@  static void konicawc_register_input(stru
 	int error;

 	usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
-	strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
+	strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));

 	cam->input = input_dev = input_allocate_device();
 	if (!input_dev) {
diff -u -p a/drivers/media/video/usbvideo/quickcam_messenger.c b/drivers/media/video/usbvideo/quickcam_messenger.c
--- a/drivers/media/video/usbvideo/quickcam_messenger.c 2009-09-10 00:13:59.000000000 +0200
+++ b/drivers/media/video/usbvideo/quickcam_messenger.c 2009-11-21 17:48:53.000000000 +0100
@@ -89,7 +89,7 @@  static void qcm_register_input(struct qc
 	int error;

 	usb_make_path(dev, cam->input_physname, sizeof(cam->input_physname));
-	strncat(cam->input_physname, "/input0", sizeof(cam->input_physname));
+	strlcat(cam->input_physname, "/input0", sizeof(cam->input_physname));

 	cam->input = input_dev = input_allocate_device();
 	if (!input_dev) {