On 03/02/2018 02:51 AM, David Laight wrote:
> From: Florian Fainelli
>> Do not use memcpy() which is not safe, but instead use strncpy() which
>> will make sure that the string is NUL terminated (in the Linux
>> implementation) if the string is smaller than the length specified. This
>> fixes KASAN out of bounds warnings while fetching port statistics.
> You really ought to use a copy function that will truncate the
> string if it is too long.
> Just assuming the string isn't too long is asking for trouble.
> You might (almost) just use strcpy().
> strlcpy() will probably work best here.

Right, or if we actually do size the statistics string to be
ETH_GSTRING_LEN bytes, memcpy() can be used, provided that the strings
are initialized correctly (which they are).

Reply via email to