net: phy: smsc: fix buffer overflow in memcpy
authorArnd Bergmann <arnd@arndb.de>
Tue, 20 Jun 2017 20:40:46 +0000 (22:40 +0200)
committerDavid S. Miller <davem@davemloft.net>
Thu, 22 Jun 2017 15:12:31 +0000 (11:12 -0400)
The memcpy annotation triggers for a fixed-length buffer copy:

In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0,
                 from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21,
                 from /git/arm-soc/include/linux/spinlock.h:87,
                 from /git/arm-soc/include/linux/seqlock.h:35,
                 from /git/arm-soc/include/linux/time.h:5,
                 from /git/arm-soc/include/linux/stat.h:21,
                 from /git/arm-soc/include/linux/module.h:10,
                 from /git/arm-soc/drivers/net/phy/smsc.c:20:
In function 'memcpy',
    inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3:
/git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter

Using strncpy instead of memcpy should do the right thing here.

Fixes: 030a89028db0 ("net: phy: smsc: Implement PHY statistics")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/phy/smsc.c

index 1b8204be064c27937f56f8669f3595dfc2a0b6bc..2306bfae057f01ea7f2eabae84475aae13c44859 100644 (file)
@@ -163,7 +163,7 @@ static void smsc_get_strings(struct phy_device *phydev, u8 *data)
        int i;
 
        for (i = 0; i < ARRAY_SIZE(smsc_hw_stats); i++) {
-               memcpy(data + i * ETH_GSTRING_LEN,
+               strncpy(data + i * ETH_GSTRING_LEN,
                       smsc_hw_stats[i].string, ETH_GSTRING_LEN);
        }
 }