Re: [PATCH] tools/x86/kcpuid: bound CSV field copies to avoid overflow
From: Borislav Petkov
Date: Tue Jun 02 2026 - 15:51:20 EST
On Sat, May 02, 2026 at 03:10:30PM -0700, rafad900 wrote:
> I added bounded copies of the bit descriptions to avoid possible
> overflows. I tested by compiling the tool and scp into qemu along with
> the .csv file. Then ran the tool and saw no errors.
>
> Signed-off-by: rafad900 <19312533+rafad900@xxxxxxxxxxxxxxxxxxxxxxxx>
Please read this here to know how to prepare x86 kernel patches and their format:
https://docs.kernel.org/process/maintainer-tip.html
Also:
https://docs.kernel.org/process/index.html
for a general idea.
> ---
> tools/arch/x86/kcpuid/kcpuid.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/arch/x86/kcpuid/kcpuid.c b/tools/arch/x86/kcpuid/kcpuid.c
> index 7dc6b9235d02..c17dbcf453eb 100644
> --- a/tools/arch/x86/kcpuid/kcpuid.c
> +++ b/tools/arch/x86/kcpuid/kcpuid.c
> @@ -415,8 +415,8 @@ static void parse_line(char *line)
>
> bdesc->end = bit_end;
> bdesc->start = bit_start;
> - strcpy(bdesc->simp, strtok(tokens[4], " \t"));
> - strcpy(bdesc->detail, tokens[5]);
> + strncpy(bdesc->simp, strtok(tokens[4], " \t"), sizeof(bdesc->simp) - 1);
> + strncpy(bdesc->detail, tokens[5], sizeof(bdesc->detail) - 1);
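
Review bot: strtok(tokens[4], " \t") in the first added line returns NULL when tokens[4] is empty or holds only spaces and tabs, and that result is passed straight to strncpy(); check the return value before copying. Both strncpy() calls also copy at most sizeof - 1 bytes and never write the final byte themselves, so the strings end up terminated only if bdesc->simp and bdesc->detail were zeroed beforehand, which these lines do not show. Set the last byte to '\0' after each copy, or use snprintf(bdesc->detail, sizeof(bdesc->detail), "%s", tokens[5]), which always terminates. An over-long CSV field is also truncated silently here; a warning naming the offending line would make a bad CSV easier to spot.
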
That's better but your bdesc buffers still contain stack garbage and nothing
NUL-terminates those strings.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette