coverity complains that the subject test may cause dst buffer overrun
problem and it is right. The problem is when __builtin_constant_p (n)
returns true, memcpy_s_inline skips all the errors checking and does the
copy blindly. Please see the code in memcpy_s_inline.
The fix is to skip the subject test when the aformentioned builtin function
returns true.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I50de91cc0c853a134b3bcf3b0cd8d45d7668b092
if (src[i] != dst[i])
return -1;
if (src[i] != dst[i])
return -1;
- /* Size fail */
- err = memcpy_s (dst + 1, sizeof (dst) - 1, src, sizeof (src));
+ /*
+ * Size test: sizeof (src) > sizeof (dst)
+ * Skip this test when __builtin_constant_p (sizeof (src)) is true.
+ * This is because memcpy_s_inline skips all the errors checking when the
+ * the above buildin function returns true which may cause overrun problem
+ * for dst buffer if this test is executed.
+ */
+ if (__builtin_constant_p (sizeof (src)) == 0)
+ {
+ err = memcpy_s (dst + 1, sizeof (dst) - 1, src, sizeof (src));
- if (err == EOK)
- return -1;
+ if (err == EOK)
+ return -1;
+ }
/* overlap fail */
err = memcpy_s (dst, sizeof (dst), dst + 1, sizeof (dst) - 1);
/* overlap fail */
err = memcpy_s (dst, sizeof (dst), dst + 1, sizeof (dst) - 1);