--- /dev/null
+From 6707ba0105a2d350710bc0a537a98f49eb4b895d Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 29 Mar 2018 00:06:10 +0200
+Subject: ath10k: avoid possible string overflow
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream.
+
+The way that 'strncat' is used here raised a warning in gcc-8:
+
+drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
+drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
+
+Effectively, this is simply a strcat() but the use of strncat() suggests
+some form of overflow check. Regardless of whether this might actually
+overflow, using strlcat() instead of strncat() avoids the warning and
+makes the code more robust.
+
+Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ath/ath10k/wmi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath10k/wmi.c
++++ b/drivers/net/wireless/ath/ath10k/wmi.c
+@@ -4309,7 +4309,7 @@ static void ath10k_tpc_config_disp_table
+ rate_code[i],
+ type);
+ snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
+- strncat(tpc_value, buff, strlen(buff));
++ strlcat(tpc_value, buff, sizeof(tpc_value));
+ }
+ tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
+ tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];
projects / thirdparty / kernel / stable-queue.git / commitdiff
