From: Arnd Bergmann <a...@arndb.de>
Date: Fri,  2 Feb 2018 16:18:37 +0100

> Building with link-time-optimizations revealed that the cxgb4 driver does
> a fixed-size memcpy() from a variable-length constant string into the
> network interface name:
> 
> In function 'memcpy',
>     inlined from 'cfg_queues_uld.constprop' at 
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:335:2,
>     inlined from 'cxgb4_register_uld.constprop' at 
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c:719:9:
> include/linux/string.h:350:3: error: call to '__read_overflow2' declared with 
> attribute error: detected read beyond size of object passed as 2nd parameter
>    __read_overflow2();
>    ^
> 
> I can see two equally workable solutions: either we use a strncpy() instead
> of the memcpy() to stop at the end of the input, or we make the source buffer
> fixed length as well. This implements the latter.
> 
> Signed-off-by: Arnd Bergmann <a...@arndb.de>

Not the most pleasant thing in the world, but I can't think of a better
solution.

> @@ -355,7 +355,7 @@ struct cxgb4_lld_info {
>  };
>  
>  struct cxgb4_uld_info {
> -     const char *name;
> +     char name[IFNAMSIZ];
>       void *handle;
>       unsigned int nrxq;
>       unsigned int rxq_size;

David Laight asked how this can be the sole part of the patch.

All of these structures are initialized like:

static struct cxgb4_uld_info {
        .name   = "foo",
        ...
};

So changing from "const char *" to "char []" just works.

Reply via email to