From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH] net: cxgb4: avoid memcpy beyond end of source buffer Date: Fri, 02 Feb 2018 19:33:24 -0500 (EST) Message-ID: <20180202.193324.255250279487626556.davem@davemloft.net> References: <20180202151849.808610-1-arnd@arndb.de> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: ganeshgr@chelsio.com, nico@linaro.org, ak@linux.intel.com, herbert@gondor.apana.org.au, rahul.lakkireddy@chelsio.com, kumaras@chelsio.com, harsh@chelsio.com, atul.gupta@chelsio.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org To: arnd@arndb.de Return-path: In-Reply-To: <20180202151849.808610-1-arnd@arndb.de> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org From: Arnd Bergmann Date: Fri, 2 Feb 2018 16:18:37 +0100 > Building with link-time-optimizations revealed that the cxgb4 driver does > a fixed-size memcpy() from a variable-length constant string into the > network interface name: > > In function 'memcpy', > inlined from 'cfg_queues_uld.constprop' at drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:335:2, > inlined from 'cxgb4_register_uld.constprop' at drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:719:9: > include/linux/string.h:350:3: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter > __read_overflow2(); > ^ > > I can see two equally workable solutions: either we use a strncpy() instead > of the memcpy() to stop at the end of the input, or we make the source buffer > fixed length as well. This implements the latter. > > Signed-off-by: Arnd Bergmann Not the most pleasant thing in the world, but I can't think of a better solution. > @@ -355,7 +355,7 @@ struct cxgb4_lld_info { > }; > > struct cxgb4_uld_info { > - const char *name; > + char name[IFNAMSIZ]; > void *handle; > unsigned int nrxq; > unsigned int rxq_size; David Laight asked how this can be the sole part of the patch. All of these structures are initialized like: static struct cxgb4_uld_info { .name = "foo", ... }; So changing from "const char *" to "char []" just works.