From 30fdd8c11f2580322465c8ef7125a1398b7eaac4 Mon Sep 17 00:00:00 2001
From: Ji Luo <ji.luo@nxp.com>
Date: Mon, 3 Aug 2020 18:31:36 +0800
Subject: [PATCH] LF-1850 fastboot: Fix buffer not null terminated

Fix Coverity Issue 3351934. Calling strncpy() with the size shorter
than the source string and would cause null-terminate dest buffer.

Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: I1e71fb584eb8f10a90ec87564cc49b7f9388c3de
(cherry picked from commit 0c408158af2592f34ed4ecc7c6a30db5c8676ffe)
---
 drivers/fastboot/fb_fsl/fastboot_lock_unlock.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c b/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
index 496d4c02a1..afe9302344 100644
--- a/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
+++ b/drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
@@ -122,9 +122,9 @@ static FbLockState decrypt_lock_store(unsigned char* bdata) {
 }
 static inline int encrypt_lock_store(FbLockState lock, unsigned char* bdata) {
 	if (FASTBOOT_LOCK == lock)
-		strncpy((char *)bdata, "locked", strlen("locked"));
+		strncpy((char *)bdata, "locked", strlen("locked") + 1);
 	else if (FASTBOOT_UNLOCK == lock)
-		strncpy((char *)bdata, "unlocked", strlen("unlocked"));
+		strncpy((char *)bdata, "unlocked", strlen("unlocked") + 1);
 	else
 		return -1;
 	return 0;
-- 
2.17.1