strncpy() does not ensure NULL-termination when the input string
size equals to the destination buffer size 16.
The output string desc is passed to a print-like function
which relies on the NULL-termination.
Use strlcpy() instead.
This issue is detected by a Coccinelle script.
Signed-off-by: Wang Xiayang <xywang.s...@sjtu.edu.cn>
---
drivers/scsi/mpt3sas/mpt3sas_base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c
b/drivers/scsi/mpt3sas/mpt3sas_base.c
index 684662888792..36d4c0aed18f 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_base.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
@@ -4296,7 +4296,7 @@ _base_display_ioc_capabilities(struct MPT3SAS_ADAPTER
*ioc)
u32 bios_version;
bios_version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
- strncpy(desc, ioc->manu_pg0.ChipName, 16);
+ strlcpy(desc, ioc->manu_pg0.ChipName, 16);
ioc_info(ioc, "%s: FWVersion(%02d.%02d.%02d.%02d),
ChipRevision(0x%02x), BiosVersion(%02d.%02d.%02d.%02d)\n",
desc,
(ioc->facts.FWVersion.Word & 0xFF000000) >> 24,
--
2.11.0
