On Wed, Aug 23, 2017 at 8:04 PM, Bjorn Andersson <bjorn.andersson@xxxxxxxxxx> wrote: > As of_device_get_modalias() returns the number of bytes that would have > been written to the target string, regardless of how much did fit in the > buffer, it's possible that the returned index points beyond the buffer > passed to of_device_modalias() - causing memory beyond the buffer to be > null terminated. I guess ibmebus and macio had this bug for some time because I just copied those implementations. Applying both patches. Thanks. Rob