diff mbox series

[5/5] media: sti: don't copy past the size

Message ID 1c043f5c26b9cf5b4520241e2015feeae8445f58.1624276138.git.mchehab+huawei@kernel.org
State Accepted
Commit 54e80d9883bd5b76c80710bddc63d1bd3f374d50
Headers show
Series [1/5] media: dib8000: rewrite the init prbs logic | expand

Commit Message

Mauro Carvalho Chehab June 21, 2021, 11:56 a.m. UTC
The logic at delta_ipc_open() tries to copy past the size of
the name passed to it:

	drivers/media/platform/sti/delta/delta-ipc.c:178 delta_ipc_open() error: __memcpy() 'name' too small (17 vs 32)

Basically,this function is called just one with:

	ret = delta_ipc_open(pctx, "JPEG_DECODER_HW0", ...);

The string used there has just 17 bytes. Yet, the logic tries
to copy the entire name size (32 bytes), which is plain wrong.

Replace it by strscpy, which is good enough to copy the string,
warranting that this will be NUL-terminated.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
---
 drivers/media/platform/sti/delta/delta-ipc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/drivers/media/platform/sti/delta/delta-ipc.c b/drivers/media/platform/sti/delta/delta-ipc.c
index 186d88f02ecd..21d3e08e259a 100644
--- a/drivers/media/platform/sti/delta/delta-ipc.c
+++ b/drivers/media/platform/sti/delta/delta-ipc.c
@@ -175,8 +175,7 @@  int delta_ipc_open(struct delta_ctx *pctx, const char *name,
 	msg.ipc_buf_size = ipc_buf_size;
 	msg.ipc_buf_paddr = ctx->ipc_buf->paddr;
 
-	memcpy(msg.name, name, sizeof(msg.name));
-	msg.name[sizeof(msg.name) - 1] = 0;
+	strscpy(msg.name, name, sizeof(msg.name));
 
 	msg.param_size = param->size;
 	memcpy(ctx->ipc_buf->vaddr, param->data, msg.param_size);