Hi Andi, We have already discussed about that here: https://lore.kernel.org/patchwork/patch/866406/
Now that strscpy is largely deployed within kernel, could you retest with the change I suggested ? Best regards, Hugues. On 3/21/19 11:00 PM, Andi Kleen wrote: > From: Andi Kleen <a...@linux.intel.com> > > delta_ipc_open is always called with a single constant string > as name, but it uses a longer memcpy to copy the string to > a different structure. The memcpy would read outside the bounds > of the string, potentially accessing unmapped memory. > > Just use strcpy instead after clearing the area. > > This fixes a build error with LTO, which can detect this. > > Cc: hugues.fruc...@st.com > Cc: mche...@s-opensource.com > Fixes: 91c83f395fbe [media] st-delta: rpmsg ipc support > Signed-off-by: Andi Kleen <a...@linux.intel.com> > --- > drivers/media/platform/sti/delta/delta-ipc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/platform/sti/delta/delta-ipc.c > b/drivers/media/platform/sti/delta/delta-ipc.c > index a4603d573c34..bd1bbbeedec3 100644 > --- a/drivers/media/platform/sti/delta/delta-ipc.c > +++ b/drivers/media/platform/sti/delta/delta-ipc.c > @@ -175,8 +175,8 @@ int delta_ipc_open(struct delta_ctx *pctx, const char > *name, > msg.ipc_buf_size = ipc_buf_size; > msg.ipc_buf_paddr = ctx->ipc_buf->paddr; > > - memcpy(msg.name, name, sizeof(msg.name)); > - msg.name[sizeof(msg.name) - 1] = 0; > + memset(msg.name, 0, sizeof(msg.name)); > + strcpy(msg.name, name); > > msg.param_size = param->size; > memcpy(ctx->ipc_buf->vaddr, param->data, msg.param_size); >
