All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ath10k: avoid possible string overflow
@ 2018-03-28 22:06 ` Arnd Bergmann
  0 siblings, 0 replies; 5+ messages in thread
From: Arnd Bergmann @ 2018-03-28 22:06 UTC (permalink / raw)
  To: Kalle Valo
  Cc: Arnd Bergmann, Manikanta Pubbisetty, Anilkumar Kolli, Carl Huang,
	Gustavo A. R. Silva, Johannes Berg, Maharaja Kennadyrajan,
	ath10k, linux-wireless, netdev, linux-kernel

The way that 'strncat' is used here raised a warning in gcc-8:

drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]

Effectively, this is simply a strcat() but the use of strncat() suggests
some form of overflow check. Regardless of whether this might actually
overflow, using strlcat() instead of strncat() avoids the warning and
makes the code more robust.

Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/net/wireless/ath/ath10k/wmi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c
index 9649bb752bbd..42522ed115f3 100644
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -4309,7 +4309,7 @@ static void ath10k_tpc_config_disp_tables(struct ath10k *ar,
 							    rate_code[i],
 							    type);
 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
-			strncat(tpc_value, buff, strlen(buff));
+			strlcat(tpc_value, buff, sizeof(tpc_value));
 		}
 		tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
 		tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];
@@ -4646,7 +4646,7 @@ ath10k_wmi_tpc_stats_final_disp_tables(struct ath10k *ar,
 							       rate_code[i],
 							       type, pream_idx);
 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
-			strncat(tpc_value, buff, strlen(buff));
+			strlcat(tpc_value, buff, sizeof(tpc_value));
 		}
 		tpc_stats->tpc_table_final[type].pream_idx[i] = pream_idx;
 		tpc_stats->tpc_table_final[type].rate_code[i] = rate_code[i];
-- 
2.9.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH] ath10k: avoid possible string overflow
@ 2018-03-28 22:06 ` Arnd Bergmann
  0 siblings, 0 replies; 5+ messages in thread
From: Arnd Bergmann @ 2018-03-28 22:06 UTC (permalink / raw)
  To: Kalle Valo
  Cc: Maharaja Kennadyrajan, Manikanta Pubbisetty, Arnd Bergmann,
	Johannes Berg, netdev, Anilkumar Kolli, Carl Huang,
	linux-wireless, linux-kernel, ath10k, Gustavo A. R. Silva

The way that 'strncat' is used here raised a warning in gcc-8:

drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]

Effectively, this is simply a strcat() but the use of strncat() suggests
some form of overflow check. Regardless of whether this might actually
overflow, using strlcat() instead of strncat() avoids the warning and
makes the code more robust.

Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/net/wireless/ath/ath10k/wmi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c
index 9649bb752bbd..42522ed115f3 100644
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -4309,7 +4309,7 @@ static void ath10k_tpc_config_disp_tables(struct ath10k *ar,
 							    rate_code[i],
 							    type);
 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
-			strncat(tpc_value, buff, strlen(buff));
+			strlcat(tpc_value, buff, sizeof(tpc_value));
 		}
 		tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
 		tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];
@@ -4646,7 +4646,7 @@ ath10k_wmi_tpc_stats_final_disp_tables(struct ath10k *ar,
 							       rate_code[i],
 							       type, pream_idx);
 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
-			strncat(tpc_value, buff, strlen(buff));
+			strlcat(tpc_value, buff, sizeof(tpc_value));
 		}
 		tpc_stats->tpc_table_final[type].pream_idx[i] = pream_idx;
 		tpc_stats->tpc_table_final[type].rate_code[i] = rate_code[i];
-- 
2.9.0


_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: ath10k: avoid possible string overflow
  2018-03-28 22:06 ` Arnd Bergmann
  (?)
  (?)
@ 2018-04-10 14:28 ` Kalle Valo
  -1 siblings, 0 replies; 5+ messages in thread
From: Kalle Valo @ 2018-04-10 14:28 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Kalle Valo, Arnd Bergmann, Manikanta Pubbisetty, Anilkumar Kolli,
	Carl Huang, Gustavo A. R. Silva, Johannes Berg,
	Maharaja Kennadyrajan, ath10k, linux-wireless, netdev,
	linux-kernel

Arnd Bergmann <arnd@arndb.de> wrote:

> The way that 'strncat' is used here raised a warning in gcc-8:
> 
> drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
> drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
> 
> Effectively, this is simply a strcat() but the use of strncat() suggests
> some form of overflow check. Regardless of whether this might actually
> overflow, using strlcat() instead of strncat() avoids the warning and
> makes the code more robust.
> 
> Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

6707ba0105a2 ath10k: avoid possible string overflow

-- 
https://patchwork.kernel.org/patch/10314201/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: ath10k: avoid possible string overflow
  2018-03-28 22:06 ` Arnd Bergmann
@ 2018-04-10 14:28   ` Kalle Valo
  -1 siblings, 0 replies; 5+ messages in thread
From: Kalle Valo @ 2018-04-10 14:28 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Maharaja Kennadyrajan, Manikanta Pubbisetty, Johannes Berg,
	Arnd Bergmann, netdev, Anilkumar Kolli, Carl Huang,
	linux-wireless, linux-kernel, ath10k, Kalle Valo,
	Gustavo A. R. Silva

Arnd Bergmann <arnd@arndb.de> wrote:

> The way that 'strncat' is used here raised a warning in gcc-8:
> 
> drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
> drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
> 
> Effectively, this is simply a strcat() but the use of strncat() suggests
> some form of overflow check. Regardless of whether this might actually
> overflow, using strlcat() instead of strncat() avoids the warning and
> makes the code more robust.
> 
> Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

6707ba0105a2 ath10k: avoid possible string overflow

-- 
https://patchwork.kernel.org/patch/10314201/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: ath10k: avoid possible string overflow
@ 2018-04-10 14:28   ` Kalle Valo
  0 siblings, 0 replies; 5+ messages in thread
From: Kalle Valo @ 2018-04-10 14:28 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Maharaja Kennadyrajan, Manikanta Pubbisetty, Johannes Berg,
	netdev, Anilkumar Kolli, Carl Huang, linux-wireless,
	linux-kernel, ath10k, Kalle Valo, Gustavo A. R. Silva

Arnd Bergmann <arnd@arndb.de> wrote:

> The way that 'strncat' is used here raised a warning in gcc-8:
> 
> drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
> drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
> 
> Effectively, this is simply a strcat() but the use of strncat() suggests
> some form of overflow check. Regardless of whether this might actually
> overflow, using strlcat() instead of strncat() avoids the warning and
> makes the code more robust.
> 
> Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

6707ba0105a2 ath10k: avoid possible string overflow

-- 
https://patchwork.kernel.org/patch/10314201/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-04-10 14:29 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-28 22:06 [PATCH] ath10k: avoid possible string overflow Arnd Bergmann
2018-03-28 22:06 ` Arnd Bergmann
2018-04-10 14:28 ` Kalle Valo
2018-04-10 14:28   ` Kalle Valo
2018-04-10 14:28 ` Kalle Valo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.