From 4fadb26574cb74e5de079dd384f25f44f4fb3ec3 Mon Sep 17 00:00:00 2001 From: Niklas Cassel Date: Wed, 29 Aug 2018 09:57:22 +0200 Subject: soc: qcom: apr: Avoid string overflow 'adev->name' is used as a NUL-terminated string, but using strncpy() with the length equal to the buffer size may result in lack of the termination: In function 'apr_add_device', inlined from 'of_register_apr_devices' at drivers//soc/qcom/apr.c:264:7, inlined from 'apr_probe' at drivers//soc/qcom/apr.c:290:2: drivers//soc/qcom/apr.c:222:3: warning: 'strncpy' specified bound 32 equals destination size [-Wstringop-truncation] strncpy(adev->name, np->name, APR_NAME_SIZE); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This changes it to use the safer strscpy() instead. Signed-off-by: Niklas Cassel Reviewed-by: Bjorn Andersson Signed-off-by: Andy Gross --- drivers/soc/qcom/apr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/soc') diff --git a/drivers/soc/qcom/apr.c b/drivers/soc/qcom/apr.c index 7f8c4c096ad2..716762d59c1f 100644 --- a/drivers/soc/qcom/apr.c +++ b/drivers/soc/qcom/apr.c @@ -219,9 +219,9 @@ static int apr_add_device(struct device *dev, struct device_node *np, adev->domain_id = id->domain_id; adev->version = id->svc_version; if (np) - strncpy(adev->name, np->name, APR_NAME_SIZE); + strscpy(adev->name, np->name, APR_NAME_SIZE); else - strncpy(adev->name, id->name, APR_NAME_SIZE); + strscpy(adev->name, id->name, APR_NAME_SIZE); dev_set_name(&adev->dev, "aprsvc:%s:%x:%x", adev->name, id->domain_id, id->svc_id); -- cgit v1.2.1