Commit 4fadb265 authored by Niklas Cassel's avatar Niklas Cassel Committed by Andy Gross

soc: qcom: apr: Avoid string overflow

'adev->name' is used as a NUL-terminated string, but using strncpy() with the
length equal to the buffer size may result in lack of the termination:

In function 'apr_add_device',
    inlined from 'of_register_apr_devices' at drivers//soc/qcom/apr.c:264:7,
    inlined from 'apr_probe' at drivers//soc/qcom/apr.c:290:2:
drivers//soc/qcom/apr.c:222:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation]
   strncpy(adev->name, np->name, APR_NAME_SIZE);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This changes it to use the safer strscpy() instead.
Signed-off-by: default avatarNiklas Cassel <niklas.cassel@linaro.org>
Reviewed-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: default avatarAndy Gross <andy.gross@linaro.org>
parent 4c96ed17
...@@ -219,9 +219,9 @@ static int apr_add_device(struct device *dev, struct device_node *np, ...@@ -219,9 +219,9 @@ static int apr_add_device(struct device *dev, struct device_node *np,
adev->domain_id = id->domain_id; adev->domain_id = id->domain_id;
adev->version = id->svc_version; adev->version = id->svc_version;
if (np) if (np)
strncpy(adev->name, np->name, APR_NAME_SIZE); strscpy(adev->name, np->name, APR_NAME_SIZE);
else else
strncpy(adev->name, id->name, APR_NAME_SIZE); strscpy(adev->name, id->name, APR_NAME_SIZE);
dev_set_name(&adev->dev, "aprsvc:%s:%x:%x", adev->name, dev_set_name(&adev->dev, "aprsvc:%s:%x:%x", adev->name,
id->domain_id, id->svc_id); id->domain_id, id->svc_id);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment