diff options
| author | Arnd Bergmann <[email protected]> | 2017-08-23 13:59:49 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2017-08-24 21:00:57 +0000 |
| commit | e58f95831e7468d25eb6e41f234842ecfe6f014f (patch) | |
| tree | 2d2bab04eac5d1b5fe1c1d3a84a7ae37320aec45 /net/tipc | |
| parent | virtio_net: be drop monitor friendly (diff) | |
| download | kernel-e58f95831e7468d25eb6e41f234842ecfe6f014f.tar.gz kernel-e58f95831e7468d25eb6e41f234842ecfe6f014f.zip | |
qlge: avoid memcpy buffer overflow
gcc-8.0.0 (snapshot) points out that we copy a variable-length string
into a fixed length field using memcpy() with the destination length,
and that ends up copying whatever follows the string:
inlined from 'ql_core_dump' at drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:1106:2:
drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:708:2: error: 'memcpy' reading 15 bytes from a region of size 14 [-Werror=stringop-overflow=]
memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
Changing it to use strncpy() will instead zero-pad the destination,
which seems to be the right thing to do here.
The bug is probably harmless, but it seems like a good idea to address
it in stable kernels as well, if only for the purpose of building with
gcc-8 without warnings.
Fixes: a61f80261306 ("qlge: Add ethtool register dump function.")
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'net/tipc')
0 files changed, 0 insertions, 0 deletions