The use of strcpy() to remove characters at the start of a string is safe
in U-Boot, since we know the implementation. But in os.c we are using the
C library's strcpy() function, where this behaviour is not permitted.
Update the code to use memmove() instead.
Reported-by: Coverity (CID: 173279)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
}
/* Look for 'u-boot' in the parent directory of spl/ */
- p = strstr(fname, "/spl/");
+ p = strstr(fname, "spl/");
if (p) {
- strcpy(p, p + 4);
+ /* Remove the "spl" characters */
+ memmove(p, p + 4, strlen(p + 4) + 1);
fd = os_open(fname, O_RDONLY);
if (fd >= 0) {
close(fd);