On Thu, 2024-04-04 at 14:38 -0700, Justin Stitt wrote: [...] > I am not sure how my patch [1] is triggering this fortify panic. I > didn't modify this printk or the string arguments (ioc->name), also > the change from strncpy to strscpy did not introduce any strnlen()'s > which seems to be the thing fortify is upset about: > "2024-04-01T19:18:28.000000+00:00 zGMT kernel - - - detected buffer > overflow in strnlen" > or > "2024-04-01T22:23:45.000000+00:00 zGMT kernel - - - strnlen: detected > buffer overflow: 9 byte read of buffer size 8" it's sitting in the definition of sized_strscpy in fortify-string.h Since the fields in question aren't zero terminated there's a bad assumption that you can do strnlen on the source field. James
