| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3d8bf8b5-d8b9-4621-bd82-e51e844fd2d2@moroto.mountain> Date: Tue, 9 Apr 2024 10:10:55 +0300 From: Dan Carpenter <dan.carpenter@...aro.org> To: Arnd Bergmann <arnd@...nel.org> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Nathan Chancellor <nathan@...nel.org>, Justin Stitt <justinstitt@...gle.com>, Arnd Bergmann <arnd@...db.de>, Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, Franziska Naepelt <franziska.naepelt@...glemail.com>, Johannes Berg <johannes.berg@...el.com>, Jeff Johnson <quic_jjohnson@...cinc.com>, Aloka Dixit <quic_alokad@...cinc.com>, Erick Archer <erick.archer@....com>, Yang Yingliang <yangyingliang@...wei.com>, linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH 2/3] [v2] staging: rtl8723bs: convert strncpy to strscpy On Mon, Apr 08, 2024 at 09:48:10PM +0200, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@...db.de> > > gcc-9 complains about a possibly unterminated string in the strncpy() destination: > > In function 'rtw_cfg80211_add_monitor_if', > inlined from 'cfg80211_rtw_add_virtual_intf' at drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:2209:9: > drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c:2146:2: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation] > 2146 | strncpy(mon_ndev->name, name, IFNAMSIZ); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > This one is a false-positive because of the explicit termination in the following > line, and recent versions of clang and gcc no longer warn about this. > > Interestingly, the other strncpy() in this file is missing a termination but > does not produce a warning, possibly because of the type confusion and the > cast between u8 and char. > > Change both strncpy() instances to strscpy(), which avoids the warning as well > as the possibly missing termination. No additional padding is needed here. > > Signed-off-by: Arnd Bergmann <arnd@...db.de> > --- > v2: > use the two-argument version of strscpy(), which is simpler for the constant > size destination. Add the third instance in this driver as well. Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org> regards, dan carpenter
Powered by blists - more mailing lists