On 03/02/2018 02:51 AM, David Laight wrote: > From: Florian Fainelli >> >> Do not use memcpy() which is not safe, but instead use strncpy() which >> will make sure that the string is NUL terminated (in the Linux >> implementation) if the string is smaller than the length specified. This >> fixes KASAN out of bounds warnings while fetching port statistics. > > You really ought to use a copy function that will truncate the > string if it is too long. > Just assuming the string isn't too long is asking for trouble. > You might (almost) just use strcpy(). > > strlcpy() will probably work best here.
Right, or if we actually do size the statistics string to be ETH_GSTRING_LEN bytes, memcpy() can be used, provided that the strings are initialized correctly (which they are). -- Florian