[PATCH] tools/x86/kcpuid: bound CSV field copies to avoid overflow

rafad900 posted 1 patch 1 month, 1 week ago
[PATCH] tools/x86/kcpuid: bound CSV field copies to avoid overflow
Posted by rafad900 1 month, 1 week ago
I added bounded copies of the bit descriptions to avoid possible
overflows. I tested by compiling the tool and scp'ing it into qemu along
with the .csv file, then ran the tool and saw no errors.

Signed-off-by: rafad900 <19312533+rafad900@users.noreply.github.com>
---
 tools/arch/x86/kcpuid/kcpuid.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/arch/x86/kcpuid/kcpuid.c b/tools/arch/x86/kcpuid/kcpuid.c
index 7dc6b9235d02..c17dbcf453eb 100644
--- a/tools/arch/x86/kcpuid/kcpuid.c
+++ b/tools/arch/x86/kcpuid/kcpuid.c
@@ -415,8 +415,8 @@ static void parse_line(char *line)
 
 		bdesc->end = bit_end;
 		bdesc->start = bit_start;
-		strcpy(bdesc->simp, strtok(tokens[4], " \t"));
-		strcpy(bdesc->detail, tokens[5]);
+		strncpy(bdesc->simp, strtok(tokens[4], " \t"), sizeof(bdesc->simp) - 1);
+		strncpy(bdesc->detail, tokens[5], sizeof(bdesc->detail) - 1);
 	}
 	return;
 
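Review bot: the two replacement lines, `strncpy(bdesc->simp, strtok(tokens[4], " \t"), sizeof(bdesc->simp) - 1);` and the matching `detail` copy, stop the write from running past the field but do not guarantee a terminator: strncpy() only writes a NUL when the source is shorter than the limit, so an overlong CSV field leaves `simp`/`detail` unterminated with whatever the last byte of the struct already held, and every later strlen() or printf("%s") on it reads past the field. Either terminate explicitly after each copy, e.g. `bdesc->simp[sizeof(bdesc->simp) - 1] = '\0';`, or use `snprintf(bdesc->simp, sizeof(bdesc->simp), "%s", ...)`, which always terminates and whose return value lets parse_line() warn about a truncated field instead of dropping the tail silently.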
-- 
2.43.0
Re: [PATCH] tools/x86/kcpuid: bound CSV field copies to avoid overflow
Posted by Borislav Petkov 1 week, 4 days ago
On Sat, May 02, 2026 at 03:10:30PM -0700, rafad900 wrote:
> I added bounded copies of the bit descriptions to avoid possible
> overflows. I tested by compiling the tool and scp'ing it into qemu along
> with the .csv file, then ran the tool and saw no errors.
> 
> Signed-off-by: rafad900 <19312533+rafad900@users.noreply.github.com>

Please read this here to know how to prepare x86 kernel patches and their format:

https://docs.kernel.org/process/maintainer-tip.html

Also:

https://docs.kernel.org/process/index.html

for a general idea.

> ---
>  tools/arch/x86/kcpuid/kcpuid.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/arch/x86/kcpuid/kcpuid.c b/tools/arch/x86/kcpuid/kcpuid.c
> index 7dc6b9235d02..c17dbcf453eb 100644
> --- a/tools/arch/x86/kcpuid/kcpuid.c
> +++ b/tools/arch/x86/kcpuid/kcpuid.c
> @@ -415,8 +415,8 @@ static void parse_line(char *line)
>  
>  		bdesc->end = bit_end;
>  		bdesc->start = bit_start;
> -		strcpy(bdesc->simp, strtok(tokens[4], " \t"));
> -		strcpy(bdesc->detail, tokens[5]);
> +		strncpy(bdesc->simp, strtok(tokens[4], " \t"), sizeof(bdesc->simp) - 1);
> +		strncpy(bdesc->detail, tokens[5], sizeof(bdesc->detail) - 1);
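Review bot: the `strtok(tokens[4], " \t")` result is still passed straight into the copy; strtok() returns NULL for an empty or whitespace-only field, and the bounded strncpy() dereferences that NULL exactly as the old strcpy() did, so the hunk fixes the overflow but not the crash on a malformed line. Check the token before copying (`if (!tok) return;` with a warning, for instance), and since the copy now truncates silently, consider reporting fields longer than the buffer rather than accepting a clipped description.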

That's better but your bdesc buffers still contain stack garbage and nothing
NUL-terminates those strings.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
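The non-termination that the reply points out, shown as an added example that is not part of the original thread or of the kcpuid tool: a stand-in struct with assumed field sizes is pre-filled with a non-NUL byte to stand for uninitialised memory, the patch's `strncpy(..., sizeof - 1)` is run against a constructed over-long token, and a hardened variant using snprintf() shows the terminator always being written, a NULL token (what strtok() returns for an empty field) being rejected, and truncation being reported instead of silently dropped. Field sizes, token strings and function names are all assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kcpuid bit-description struct; the
 * field sizes are assumptions for this example, not taken from kcpuid.c. */
struct bdesc {
	char simp[8];
	char detail[16];
};

/* Pre-fill with a non-NUL byte to simulate an uninitialised buffer, so a
 * missing terminator is visible instead of being hidden by lucky zeros. */
static void poison(struct bdesc *b)
{
	memset(b, 'X', sizeof(*b));
}

/* Copy exactly as the patch does. Returns 1 if simp[] holds no NUL at all
 * afterwards, i.e. strlen()/printf("%s") on it would run past the field. */
int copy_like_patch(struct bdesc *b, const char *simp_tok)
{
	poison(b);
	strncpy(b->simp, simp_tok, sizeof(b->simp) - 1);
	return memchr(b->simp, '\0', sizeof(b->simp)) == NULL;
}

/* Hardened variant: reject a missing token (strtok() returns NULL for an
 * empty field), use snprintf() so the terminator is always written, and
 * report truncation instead of silently dropping the tail.
 * Returns 0 on success, -1 for a missing field, 1 if a field was truncated. */
int fill_desc(struct bdesc *b, const char *simp_tok, const char *detail_tok)
{
	int rc = 0;

	poison(b);
	if (!simp_tok || !detail_tok)
		return -1;
	if (snprintf(b->simp, sizeof(b->simp), "%s", simp_tok) >= (int)sizeof(b->simp))
		rc = 1;
	if (snprintf(b->detail, sizeof(b->detail), "%s", detail_tok) >= (int)sizeof(b->detail))
		rc = 1;
	return rc;
}

/* Drive both variants over constructed tokens (not real kcpuid.csv
 * content); the 12-character simp name is longer than the 8-byte field. */
int main(void)
{
	struct bdesc b;
	const char *simp_long = "avx512_vbmi2";
	const char *detail = "Vector Byte Manipulation Instructions 2";

	printf("strncpy(n-1) left simp[] unterminated: %d\n",
	       copy_like_patch(&b, simp_long));
	printf("fill_desc rc=%d simp=\"%s\"\n",
	       fill_desc(&b, simp_long, detail), b.simp);
	printf("fill_desc with NULL token rc=%d\n", fill_desc(&b, NULL, detail));
	return 0;
}
```

With the over-long token, copy_like_patch() fills all seven writable bytes and leaves the eighth as the poison value, so nothing in the field terminates it; fill_desc() writes "avx512_" plus a NUL, returns 1 to flag the clipped field, and returns -1 rather than dereferencing a NULL token.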