mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

net: phy: smsc: fix buffer overflow in memcpy 

The memcpy annotation triggers for a fixed-length buffer copy:

In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
                 from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
                 from /git/arm-soc/include/linux/spinlock.h:87,
                 from /git/arm-soc/include/linux/seqlock.h:35,
                 from /git/arm-soc/include/linux/time.h:5,
                 from /git/arm-soc/include/linux/stat.h:21,
                 from /git/arm-soc/include/linux/module.h:10,
                 from /git/arm-soc/drivers/net/phy/smsc.c:20:
In function 'memcpy',
    inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
/git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter

Using strncpy instead of memcpy should do the right thing here.

Fixes: 030a89028d ("net: phy: smsc: Implement PHY statistics")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Arnd Bergmann 2017-06-20 22:40:46 +02:00 committed by David S. Miller
parent bbad7c2138
commit 2da55390a9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/phy/smsc.c
View File

@ -163,7 +163,7 @@ static void smsc_get_strings(struct phy_device *phydev, u8 *data)
int i;
for (i = 0; i < ARRAY_SIZE(smsc_hw_stats); i++) {
memcpy(data + i * ETH_GSTRING_LEN,
strncpy(data + i * ETH_GSTRING_LEN,
smsc_hw_stats[i].string, ETH_GSTRING_LEN);
}
}