diff options
author | Soby Mathew <soby.mathew@arm.com> | 2018-10-10 13:58:23 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-10 13:58:23 +0100 |
commit | 7c39f6f7725f89ac3161d1d9ab0aac23e9c725fe (patch) | |
tree | 40c37afd9ee71a2ece301f0ed615becb3632c837 /tools | |
parent | c6d1fe954ba0246b201c2c2646d24e49c11367d0 (diff) | |
parent | fd10a0a34e93270731136e7d3f8dbe3fc2dba281 (diff) |
Merge pull request #1489 from teknoraver/master
doimage: get rid of non null terminated strings by strncpy
Diffstat (limited to 'tools')
-rw-r--r-- | tools/doimage/doimage.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/tools/doimage/doimage.c b/tools/doimage/doimage.c index 6fc23d50..82fd375f 100644 --- a/tools/doimage/doimage.c +++ b/tools/doimage/doimage.c @@ -216,7 +216,7 @@ void usage(void) } /* globals */ -options_t opts = { +static options_t opts = { .bin_ext_file = "NA", .sec_cfg_file = "NA", .sec_opts = 0, @@ -1578,9 +1578,9 @@ error: int main(int argc, char *argv[]) { - char in_file[MAX_FILENAME+1]; - char out_file[MAX_FILENAME+1]; - char ext_file[MAX_FILENAME+1]; + char in_file[MAX_FILENAME+1] = { 0 }; + char out_file[MAX_FILENAME+1] = { 0 }; + char ext_file[MAX_FILENAME+1] = { 0 }; FILE *in_fd = NULL; FILE *out_fd = NULL; int parse = 0; @@ -1590,6 +1590,7 @@ int main(int argc, char *argv[]) int image_size; uint8_t *image_buf = NULL; int read; + size_t len; uint32_t nand_block_size_kb, mlc_nand; /* Create temporary file for building extensions @@ -1660,13 +1661,19 @@ int main(int argc, char *argv[]) if (optind >= argc) usage_err("missing input file name"); - strncpy(in_file, argv[optind], MAX_FILENAME); + len = strlen(argv[optind]); + if (len > MAX_FILENAME) + usage_err("file name too long"); + memcpy(in_file, argv[optind], len); optind++; /* Output file must exist in non parse mode */ - if (optind < argc) - strncpy(out_file, argv[optind], MAX_FILENAME); - else if (!parse) + if (optind < argc) { + len = strlen(argv[optind]); + if (len > MAX_FILENAME) + usage_err("file name too long"); + memcpy(out_file, argv[optind], len); + } else if (!parse) usage_err("missing output file name"); /* open the input file */ |