Commit e7a0098
hal/hisi: fix strcpy-param-overlap in get_hisi_sdk (UB, caught by ASAN) (#173)

get_hisi_sdk() reformats the /proc/umap/sys version line into
"<version> (<build time>)". line_from_file() returns the *greedy* capture
of `Version: \[(.+)\]`, so on a typical Hisilicon line such as

    [SYS] Version: [Hi3516CV500_MPP_V2.0.2.1 B030 Release], Build Time[May 28 2020, 11:04:35]

buf ends up spanning BOTH brackets. The code overwrites the first ']' with
" (" and then splices the build time in via strcpy(ptr, build + 1) -- but
build+1 and ptr alias the same buffer, so that is an overlapping copy.

strcpy() with overlapping ranges is undefined behaviour; it only happens to
produce the right string on glibc because the copy direction reads before it
writes. AddressSanitizer aborts on it (strcpy-param-overlap), and a different
libc/arch could silently corrupt the string.

Use memmove(), which is well-defined for overlap and yields the identical
"<version> (<build time>)" result.

Found by running an ASAN-instrumented build on a live Hi3516CV500 (glibc)
camera; after the fix the full run completes ASAN-clean with
sdk: "Hi3516CV500_MPP_V2.0.2.1 B030 Release (May 28 2020, 11:04:35)".

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

1 parent 5972354 commit e7a0098
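The in-place splice described in the commit message, written out as an added example; this is not the project's get_hisi_sdk() code. The name reformat_sdk, the cap parameter and the bounds check are assumptions, and the input is the greedy capture of the sample line quoted above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the project's code): rewrites, in place, the
 * greedy capture "<version>], Build Time[<build time>" into
 * "<version> (<build time>)". Returns 0 on success, -1 if the capture has
 * another shape or the result would not fit in cap bytes. */
int reformat_sdk(char *buf, size_t cap)
{
    char *end_ver = strchr(buf, ']');          /* first ']' ends <version> */
    if (!end_ver)
        return -1;
    char *build = strchr(end_ver, '[');        /* '[' before <build time> */
    if (!build)
        return -1;

    size_t vlen = (size_t)(end_ver - buf);
    size_t blen = strlen(build + 1);
    /* version + " (" + build time + ")" + NUL must fit */
    if (vlen + 2 + blen + 2 > cap)
        return -1;

    char *dst = end_ver + 2;                   /* build time lands here */
    /* dst and build + 1 point into the same buffer and the ranges overlap,
     * so strcpy()/memcpy() are undefined here; memmove() is defined. */
    memmove(dst, build + 1, blen + 1);         /* +1 carries the NUL */
    end_ver[0] = ' ';
    end_ver[1] = '(';
    dst[blen] = ')';
    dst[blen + 1] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed input: greedy capture of the sample line on this page. */
    char buf[128] =
        "Hi3516CV500_MPP_V2.0.2.1 B030 Release], Build Time[May 28 2020, 11:04:35";
    if (reformat_sdk(buf, sizeof buf) == 0)
        printf("sdk: \"%s\"\n", buf);
    return 0;
}
```

Building this with -fsanitize=address and swapping the memmove() for strcpy(dst, build + 1) reproduces the strcpy-param-overlap report the commit message mentions.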
1 file changed
Lines changed: 6 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
474 | 474 | | |
475 | 475 | | |
476 | 476 | | |
477 | | - | |
| 477 | + | |
| 478 | + | |
| 479 | + | |
| 480 | + | |
| 481 | + | |
| 482 | + | |
478 | 483 | | |
479 | 484 | | |
480 | 485 | | |
| |||
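Review bot: at the replaced line 477, the memmove() that takes the place of strcpy(ptr, build + 1) has to copy strlen(build + 1) + 1 bytes so the terminating NUL moves with the build time. The added lines 477-482 are blank in this rendering, so confirm that length there, and keep a one-line comment stating that the source and destination overlap so the call is not later simplified back to strcpy().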