Commit 2da55390 authored Jun 20, 2017 by Arnd Bergmann Committed by David S. Miller Jun 22, 2017

net: phy: smsc: fix buffer overflow in memcpy



The memcpy annotation triggers for a fixed-length buffer copy:

In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
                 from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
                 from /git/arm-soc/include/linux/spinlock.h:87,
                 from /git/arm-soc/include/linux/seqlock.h:35,
                 from /git/arm-soc/include/linux/time.h:5,
                 from /git/arm-soc/include/linux/stat.h:21,
                 from /git/arm-soc/include/linux/module.h:10,
                 from /git/arm-soc/drivers/net/phy/smsc.c:20:
In function 'memcpy',
    inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
/git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter

Using strncpy instead of memcpy should do the right thing here.

Fixes: 030a8902 ("net: phy: smsc: Implement PHY statistics")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent bbad7c21

drivers/net/phy/smsc.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -163,7 +163,7 @@ static void smsc_get_strings(struct phy_device phydev, u8 data)
		int i;

		for (i = 0; i < ARRAY_SIZE(smsc_hw_stats); i++) {
		memcpy(data + i * ETH_GSTRING_LEN,
		strncpy(data + i * ETH_GSTRING_LEN,
		smsc_hw_stats[i].string, ETH_GSTRING_LEN);
		}
		}

Admin message