Hi Bean. > - strncpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8); > + memcpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], 8); > + lbuf[8] = '\0'; Above copies exactly 8 bytes, without any regard to the sizes of destination-buffer (lbuf) or source-buffer (ext_csd). Thus, there are high chances of overflow/underflow/out-of-bounds. If ext_csd contains, say a string 5 characters long, you would want to copy 6 characters (5 for length, 1 for null-terminator). I guess you are trying to copy as-many-bytes as possible to lbuf, including the null-character. Thus, strlcpy/strscpy should be used here. Something like : strlcpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], sizeof(lbuf)); or strscpy(lbuf, (char*)&ext_csd[EXT_CSD_FIRMWARE_VERSION], sizeof(lbuf)); Note that you do not need to worry about putting the null-terminator. strlcpy/strscpy already take care of that for you. Thanks and Regards, Ajay
