review.tizen.org Git - profile/common/platform/kernel/linux-artik7.git/commit

author	Arnd Bergmann <arnd@arndb.de>
	Wed, 23 Aug 2017 13:59:49 +0000 (15:59 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 27 Sep 2017 09:00:11 +0000 (11:00 +0200)
commit	6d8c8fd1c4c71fac291e7243becf2de11c82c216
tree	1fbd6bad5954089a238994049c8896125c9616f6	tree \| snapshot
parent	354d36b746c3fdde7397409ce79ca89a2da2fbce	commit \| diff

qlge: avoid memcpy buffer overflow

[ Upstream commit e58f95831e7468d25eb6e41f234842ecfe6f014f ]

gcc-8.0.0 (snapshot) points out that we copy a variable-length string
into a fixed length field using memcpy() with the destination length,
and that ends up copying whatever follows the string:

inlined from 'ql_core_dump' at drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:1106:2:
drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:708:2: error: 'memcpy' reading 15 bytes from a region of size 14 [-Werror=stringop-overflow=]
memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);

Changing it to use strncpy() will instead zero-pad the destination,
which seems to be the right thing to do here.

The bug is probably harmless, but it seems like a good idea to address
it in stable kernels as well, if only for the purpose of building with
gcc-8 without warnings.

Fixes: a61f80261306 ("qlge: Add ethtool register dump function.")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>