• Arnd Bergmann's avatar
    net: cxgb4: avoid memcpy beyond end of source buffer · 1a91649f
    Arnd Bergmann authored
    Building with link-time-optimizations revealed that the cxgb4 driver does
    a fixed-size memcpy() from a variable-length constant string into the
    network interface name:
    
    In function 'memcpy',
        inlined from 'cfg_queues_uld.constprop' at drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:335:2,
        inlined from 'cxgb4_register_uld.constprop' at drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:719:9:
    include/linux/string.h:350:3: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
       __read_overflow2();
       ^
    
    I can see two equally workable solutions: either we use a strncpy() instead
    of the memcpy() to stop at the end of the input, or we make the source buffer
    fixed length as well. This implements the latter.
    Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    1a91649f
cxgb4_uld.h 13.8 KB