[PATCH] EDAC/versalnet: fix possible buffer overflow

Alexander A. Klimov posted 1 patch 1 month ago
drivers/edac/versalnet_edac.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Posted by Alexander A. Klimov 1 month ago
In rpmsg_probe(), a string was copied like this:

     strscpy(DST, SRC, strlen(SRC));

A buffer overflow would happen if strlen(SRC) > sizeof(DST).
Actually, strscpy() must be used this way:

     strscpy(DST, SRC, sizeof(DST));
     strscpy(DST, SRC); // defaults to sizeof(DST)

Fixes: d5fe2fec6c40 ("EDAC: Add a driver for the AMD Versal NET DDR controller")
Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
  drivers/edac/versalnet_edac.c | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/edac/versalnet_edac.c b/drivers/edac/versalnet_edac.c
index 97ec05d68bbb..ee3ad64e34a4 100644
--- a/drivers/edac/versalnet_edac.c
+++ b/drivers/edac/versalnet_edac.c
@@ -728,8 +728,7 @@ static int rpmsg_probe(struct rpmsg_device *rpdev)
  	pg = (struct mc_priv *)amd_rpmsg_id_table[0].driver_data;
  	chinfo.src = RPMSG_ADDR_ANY;
  	chinfo.dst = rpdev->dst;
-	strscpy(chinfo.name, amd_rpmsg_id_table[0].name,
-		strlen(amd_rpmsg_id_table[0].name));
+	strscpy(chinfo.name, amd_rpmsg_id_table[0].name);

  	pg->ept = rpmsg_create_ept(rpdev, rpmsg_cb, NULL, chinfo);
  	if (!pg->ept)
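Review bot: the commit message only covers the overflow case, but the removed call on the `-` lines was also wrong when the name fits. strscpy() copies at most count - 1 bytes and then adds the NUL, so passing strlen() of the source as the count always dropped the last character of the name that ends up in chinfo and is handed to rpmsg_create_ept(). It would help to say that in the log, since it is the effect the current code has on every probe. On the `+` line the return value is still ignored; if truncation of amd_rpmsg_id_table[0].name is never expected, checking for a negative return before rpmsg_create_ept() would make that explicit.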
-- 
2.54.0
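The two call shapes from the commit message, as an added userspace example (not code from the patch or from the kernel). `model_strscpy()` is a simplified stand-in for the documented behaviour of `strscpy()`; `MODEL_E2BIG`, `bound_exceeds_dst()` and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_E2BIG 7	/* stand-in for the kernel's E2BIG */

/*
 * Simplified model of strscpy(dst, src, count): write at most count bytes
 * including the NUL, return the copied length or -E2BIG on truncation.
 */
static long model_strscpy(char *dst, const char *src, size_t count)
{
	size_t i;

	if (count == 0)
		return -MODEL_E2BIG;
	for (i = 0; i < count - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] == '\0' ? (long)i : -MODEL_E2BIG;
}

/* 1 when a count argument would let the copy write past a dst_size buffer. */
static int bound_exceeds_dst(size_t count, size_t dst_size)
{
	return count > dst_size;
}

int main(void)
{
	char dst[16];
	const char *fits = "chan";			/* constructed */
	const char *too_long = "constructed-channel-name";	/* constructed */
	long ret;

	/* Old shape, count = strlen(src): always loses the last character. */
	ret = model_strscpy(dst, fits, strlen(fits));
	printf("strlen bound: ret=%ld dst=\"%s\"\n", ret, dst);

	/* Old shape with a long source: the bound is larger than dst itself. */
	printf("strlen bound exceeds dst: %d\n",
	       bound_exceeds_dst(strlen(too_long), sizeof(dst)));

	/* Fixed shape, count = sizeof(dst): full copy, or a bounded truncation. */
	ret = model_strscpy(dst, fits, sizeof(dst));
	printf("sizeof bound: ret=%ld dst=\"%s\"\n", ret, dst);
	ret = model_strscpy(dst, too_long, sizeof(dst));
	printf("sizeof bound: ret=%ld dst=\"%s\"\n", ret, dst);
	return 0;
}
```
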