commit 2d4d29f5556c9838844378462652c8ec2b400839
author Imre Kis <imre.kis@arm.com> Fri Apr 26 12:57:22 2024 +0200
committer Imre Kis <imre.kis@arm.com> Thu May 02 10:37:23 2024 +0200
tree 117082b59929413f113557a7a2abe8a2fef5b4d8
parent 033d51adc99739418936146f3bd4d6588d9c8e5a

Fix strncpy length in SP config loader

The length parameter of strncpy calls in sp_config_loader.c do not
account for the terminating null character which can cause unterminated
strings and compiler error in release build. Decrease length by one to
solve the issue.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I1540d038482ed1ac98e2c400359516f6fd287086

components/config/loader/sp/sp_config_loader.c

diff --git a/components/config/loader/sp/sp_config_loader.c b/components/config/loader/sp/sp_config_loader.c
index 5c7c552..760326b 100644
--- a/components/config/loader/sp/sp_config_loader.c
+++ b/components/config/loader/sp/sp_config_loader.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: BSD-3-Clause
 /*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
  */
 
 #include <common/fdt/fdt_helpers.h>
@@ -34,10 +34,11 @@
 	/* Iterate over the device regions */
 	while ((uintptr_t)d < (value_pair->value + value_pair->size)) {
 
-		struct device_region device_region;
+		struct device_region device_region = { 0 };
 
 		strncpy(device_region.dev_class, d->name,
-			sizeof(device_region.dev_class));
+			sizeof(device_region.dev_class) - 1);
+		device_region.dev_class[sizeof(device_region.dev_class) - 1] = '\0';
 		device_region.dev_instance = 0;
 		device_region.base_addr = d->location;
 		device_region.io_region_size = d->size;
@@ -63,10 +64,11 @@
 	/* Iterate over the device regions */
 	while ((uintptr_t)d < (value_pair->value + value_pair->size)) {
 
-		struct memory_region memory_region;
+		struct memory_region memory_region = { 0 };
 
 		strncpy(memory_region.region_name, d->name,
-			sizeof(memory_region.region_name));
+			sizeof(memory_region.region_name) - 1);
+		memory_region.region_name[sizeof(memory_region.region_name) - 1] = '\0';
 		memory_region.base_addr = d->location;
 		memory_region.region_size = d->size;
 
@@ -155,7 +157,8 @@
 			}
 
 			strncpy(memory_region.region_name, subnode_name,
-				sizeof(memory_region.region_name));
+				sizeof(memory_region.region_name) - 1);
+			memory_region.region_name[sizeof(memory_region.region_name) - 1] = '\0';
 			memory_region.base_addr = (uintptr_t)base_addr;
 			memory_region.region_size = page_cnt * FFA_SP_MANIFEST_PAGE_SIZE;
 
@@ -193,7 +196,8 @@
 			}
 
 			strncpy(device_region.dev_class, subnode_name,
-				sizeof(device_region.dev_class));
+				sizeof(device_region.dev_class) - 1);
+			device_region.dev_class[sizeof(device_region.dev_class) - 1] = '\0';
 			device_region.base_addr = base_addr;
 			device_region.io_region_size = page_cnt * FFA_SP_MANIFEST_PAGE_SIZE;
 			device_region.dev_instance = 0;