mirror of
git://nv-tegra.nvidia.com/linux-nvgpu.git
synced 2025-12-22 17:36:20 +03:00
849433f66c
When building NVGPU with the GCC -Werror=sizeof-pointer-memaccess
warning enabled, the following error is seen ...
drivers/gpu/nvgpu/common/mm/as.c: In function ‘gk20a_vm_alloc_share’:
drivers/gpu/nvgpu/common/mm/as.c:131:33: error: argument to ‘sizeof’
in ‘strncpy’ call is the same expression as the source; did you
mean to use the size of the destination?
[-Werror=sizeof-pointer-memaccess]
131 | p = strncpy(name, "as_", sizeof("as_"));
| ^
This is caused because the source buffer is passed to sizeof instead of
the destination. This could cause a buffer overflow if the source is
larger than the destination buffer.
Looking at the code further, there is another problem and that is that
after copying the string 'as_' to the 'name' buffer, the pointer 'p'
returned by strncpy is then used as the address to append an unsigned
integer to the string 'as_'. However, the pointer returned by strncpy
is actually the same address as pointed to by 'name'. Therefore, the
prefix 'as_' is actually overwritten by the call to nvgpu_strnadd_u32.
Fix these issues by initialising 'name' buffer to 'as_' statically and
then set the pointer 'p' to the offset in the 'name' buffer that
follows the prefix 'as_'. This removes the need to use strncpy at all
and simplifies the code.
Bug 200689205
Change-Id: Ia9f0c634dc5a6dada088756cdae8c3dd688dcc48
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2465814
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Sagar Kamble <skamble@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-misra <svc-mobile-misra@nvidia.com>
Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com>
Reviewed-by: Alex Waterman <alexw@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
GVS: Gerrit_Virtual_Submit
5.8 KiB
5.8 KiB