]>
Commit | Line | Data |
---|---|---|
045f164e GKH |
1 | From 6707ba0105a2d350710bc0a537a98f49eb4b895d Mon Sep 17 00:00:00 2001 |
2 | From: Arnd Bergmann <arnd@arndb.de> | |
3 | Date: Thu, 29 Mar 2018 00:06:10 +0200 | |
4 | Subject: ath10k: avoid possible string overflow | |
5 | ||
6 | From: Arnd Bergmann <arnd@arndb.de> | |
7 | ||
8 | commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream. | |
9 | ||
10 | The way that 'strncat' is used here raised a warning in gcc-8: | |
11 | ||
12 | drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables': | |
13 | drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] | |
14 | ||
15 | Effectively, this is simply a strcat() but the use of strncat() suggests | |
16 | some form of overflow check. Regardless of whether this might actually | |
17 | overflow, using strlcat() instead of strncat() avoids the warning and | |
18 | makes the code more robust. | |
19 | ||
20 | Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants") | |
21 | Signed-off-by: Arnd Bergmann <arnd@arndb.de> | |
22 | Signed-off-by: Kalle Valo <kvalo@codeaurora.org> | |
23 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
24 | ||
25 | --- | |
26 | drivers/net/wireless/ath/ath10k/wmi.c | 2 +- | |
27 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
28 | ||
29 | --- a/drivers/net/wireless/ath/ath10k/wmi.c | |
30 | +++ b/drivers/net/wireless/ath/ath10k/wmi.c | |
31 | @@ -4065,7 +4065,7 @@ static void ath10k_tpc_config_disp_table | |
32 | rate_code[i], | |
33 | type); | |
34 | snprintf(buff, sizeof(buff), "%8d ", tpc[j]); | |
35 | - strncat(tpc_value, buff, strlen(buff)); | |
36 | + strlcat(tpc_value, buff, sizeof(tpc_value)); | |
37 | } | |
38 | tpc_stats->tpc_table[type].pream_idx[i] = pream_idx; | |
39 | tpc_stats->tpc_table[type].rate_code[i] = rate_code[i]; |