Hi, On Thu, Mar 28, 2024 at 03:04:50PM +0100, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@xxxxxxxx> > > gcc -Wstringop-truncation warns about copying a string that results in a > missing nul termination: > > drivers/acpi/acpica/tbfind.c: In function 'acpi_tb_find_table': > drivers/acpi/acpica/tbfind.c:60:9: error: 'strncpy' specified bound 6 equals destination size [-Werror=stringop-truncation] > 60 | strncpy(header.oem_id, oem_id, ACPI_OEM_ID_SIZE); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > drivers/acpi/acpica/tbfind.c:61:9: error: 'strncpy' specified bound 8 equals destination size [-Werror=stringop-truncation] > 61 | strncpy(header.oem_table_id, oem_table_id, ACPI_OEM_TABLE_ID_SIZE); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > This one is intentional, so rewrite the code in a way that avoids the > warning. Since there is already an extra strlen() and an overflow check, > the actual size to be copied is already known here. > I also tried cleaning these up but Kees informed me that this subsystem is maintained elsewhere: https://lore.kernel.org/all/202308241612.DFE4119@keescook/ I am not sure if you can get changes through by the traditional means. > > Fixes: 47c08729bf1c ("ACPICA: Fix for LoadTable operator, input strings") > Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx> > --- > drivers/acpi/acpica/tbfind.c | 19 +++++++++---------- > 1 file changed, 9 insertions(+), 10 deletions(-) > > diff --git a/drivers/acpi/acpica/tbfind.c b/drivers/acpi/acpica/tbfind.c > index 1c1b2e284bd9..472ce2a6624b 100644 > --- a/drivers/acpi/acpica/tbfind.c > +++ b/drivers/acpi/acpica/tbfind.c > @@ -36,7 +36,7 @@ acpi_tb_find_table(char *signature, > { > acpi_status status = AE_OK; > struct acpi_table_header header; > - u32 i; > + u32 len, i; > > ACPI_FUNCTION_TRACE(tb_find_table); > > @@ -46,19 +46,18 @@ acpi_tb_find_table(char *signature, > return_ACPI_STATUS(AE_BAD_SIGNATURE); > } > > - /* Don't allow the OEM strings to be too long */ > - > - if ((strlen(oem_id) > ACPI_OEM_ID_SIZE) || > - (strlen(oem_table_id) > ACPI_OEM_TABLE_ID_SIZE)) { > - return_ACPI_STATUS(AE_AML_STRING_LIMIT); > - } > - > /* Normalize the input strings */ > > memset(&header, 0, sizeof(struct acpi_table_header)); > ACPI_COPY_NAMESEG(header.signature, signature); > - strncpy(header.oem_id, oem_id, ACPI_OEM_ID_SIZE); > - strncpy(header.oem_table_id, oem_table_id, ACPI_OEM_TABLE_ID_SIZE); > + len = strlen(oem_id); > + if (len > ACPI_OEM_ID_SIZE) > + return_ACPI_STATUS(AE_AML_STRING_LIMIT); > + memcpy(header.oem_id, oem_id, len); > + len = strlen(oem_table_id); > + if (len > ACPI_OEM_TABLE_ID_SIZE) > + return_ACPI_STATUS(AE_AML_STRING_LIMIT); > + memcpy(header.oem_table_id, oem_table_id, len); > > /* Search for the table */ > > -- > 2.39.2 > Thanks Justin
