strncpy() does not guarantee NUL-termination and is deprecated for NUL-terminated strings. Replace it with strscpy_pad(), which guarantees NUL-termination and zero-pads the remaining bytes, matching the fixed-size firmware tag semantics.
Signed-off-by: Vivek BalachandharTN <vivek.balachandhar@gmail.com>
---
 .../greybus/Documentation/firmware/firmware.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/greybus/Documentation/firmware/firmware.c b/drivers/staging/greybus/Documentation/firmware/firmware.c index 3b35ef6d4adb..deac8584841b 100644 --- a/drivers/staging/greybus/Documentation/firmware/firmware.c +++ b/drivers/staging/greybus/Documentation/firmware/firmware.c @@ -63,8 +63,8 @@ static int update_intf_firmware(int fd) intf_load.major = 0; intf_load.minor = 0;
- strncpy((char *)&intf_load.firmware_tag, firmware_tag, - GB_FIRMWARE_U_TAG_MAX_SIZE); + strscpy_pad((char *)&intf_load.firmware_tag, firmware_tag, + GB_FIRMWARE_U_TAG_MAX_SIZE);
ret = ioctl(fd, FW_MGMT_IOC_INTF_LOAD_AND_VALIDATE, &intf_load); if (ret < 0) { @@ -101,8 +101,8 @@ static int update_backend_firmware(int fd) /* Get Backend Firmware Version */ printf("Getting Backend Firmware Version\n");
- strncpy((char *)&backend_fw_info.firmware_tag, firmware_tag, - GB_FIRMWARE_U_TAG_MAX_SIZE); + strscpy_pad((char *)&backend_fw_info.firmware_tag, firmware_tag, + GB_FIRMWARE_U_TAG_MAX_SIZE);
retry_fw_version: ret = ioctl(fd, FW_MGMT_IOC_GET_BACKEND_FW, &backend_fw_info); @@ -129,8 +129,8 @@ static int update_backend_firmware(int fd) /* Try Backend Firmware Update over Unipro */ printf("Updating Backend Firmware\n");
- strncpy((char *)&backend_update.firmware_tag, firmware_tag, - GB_FIRMWARE_U_TAG_MAX_SIZE); + strscpy_pad((char *)&backend_update.firmware_tag, firmware_tag, + GB_FIRMWARE_U_TAG_MAX_SIZE);
retry_fw_update: backend_update.status = 0;
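Review bot: strscpy_pad() in all three hunks (the copy in update_intf_firmware() and both copies in update_backend_firmware()) is a kernel-internal helper, while this file sits under Documentation/ and calls printf() and ioctl() on a file descriptor, so it is built as a userspace program; the patch adds no include or declaration for the new call, so the sample would stop compiling. Stay with a libc call and make the termination explicit instead, for example by bounding the strncpy() to GB_FIRMWARE_U_TAG_MAX_SIZE - 1 and writing '\0' to the last byte of firmware_tag, or say in the commit message where the destination structs are zeroed. The return value of the new call is also discarded at each site, so an over-long firmware_tag would be truncated without any message to the user; check the result and report it.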
On Tue, Oct 14, 2025 at 01:41:48PM +0000, Vivek BalachandharTN wrote:
strncpy() does not guarantee NUL-termination and is deprecated for NUL-terminated strings. Replace it with strscpy_pad(), which guarantees NUL-termination and zero-pads the remaining bytes, matching the fixed-size firmware tag semantics.
Signed-off-by: Vivek BalachandharTN <vivek.balachandhar@gmail.com>
---
 .../greybus/Documentation/firmware/firmware.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/greybus/Documentation/firmware/firmware.c b/drivers/staging/greybus/Documentation/firmware/firmware.c index 3b35ef6d4adb..deac8584841b 100644 --- a/drivers/staging/greybus/Documentation/firmware/firmware.c +++ b/drivers/staging/greybus/Documentation/firmware/firmware.c
This is sample user space code so the strscpy_pad() isn't available. It will break the compile.
regards, dan carpenter
Yes, Dan. Nice catch. Building it with the sample change below:

    memset(&intf_load.firmware_tag, 0, GB_FIRMWARE_U_TAG_MAX_SIZE);
    strncpy((char *)&intf_load.firmware_tag, firmware_tag,
            GB_FIRMWARE_U_TAG_MAX_SIZE - 1);
If it works, will send another patch.
Best, Vivek.
On 2025-10-14 9:53 a.m., Dan Carpenter wrote:
On Tue, Oct 14, 2025 at 01:41:48PM +0000, Vivek BalachandharTN wrote:
strncpy() does not guarantee NUL-termination and is deprecated for NUL-terminated strings. Replace it with strscpy_pad(), which guarantees NUL-termination and zero-pads the remaining bytes, matching the fixed-size firmware tag semantics.
Signed-off-by: Vivek BalachandharTN <vivek.balachandhar@gmail.com>
---
 .../greybus/Documentation/firmware/firmware.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/greybus/Documentation/firmware/firmware.c b/drivers/staging/greybus/Documentation/firmware/firmware.c index 3b35ef6d4adb..deac8584841b 100644 --- a/drivers/staging/greybus/Documentation/firmware/firmware.c +++ b/drivers/staging/greybus/Documentation/firmware/firmware.c
This is sample user space code so the strscpy_pad() isn't available. It will break the compile.
regards, dan carpenter
On Tue, Oct 14, 2025 at 10:01:28AM -0400, Vivek BalachandharTN wrote:
Yes, Dan. Nice catch. Building it with the sample change below:

    memset(&intf_load.firmware_tag, 0, GB_FIRMWARE_U_TAG_MAX_SIZE);
    strncpy((char *)&intf_load.firmware_tag, firmware_tag,
            GB_FIRMWARE_U_TAG_MAX_SIZE - 1);

There isn't a need to do the memset()...
regards, dan carpenter
Hi Dan,
Thanks again—confirmed the structs are zero-initialized before the copy.
Would a minimal fix that guarantees NUL-termination be acceptable, e.g.:
    strncpy((char *)&intf_load.firmware_tag, firmware_tag,
            GB_FIRMWARE_U_TAG_MAX_SIZE - 1);
    ((char *)&intf_load.firmware_tag)[GB_FIRMWARE_U_TAG_MAX_SIZE - 1] = '\0';
I can respin as v2 with the same change applied to the other two firmware_tag fields.
Best regards, Vivek
On 2025-10-14 10:15 a.m., Dan Carpenter wrote:
On Tue, Oct 14, 2025 at 10:01:28AM -0400, Vivek BalachandharTN wrote:
Yes, Dan. Nice catch. Building it with the sample change below:

    memset(&intf_load.firmware_tag, 0, GB_FIRMWARE_U_TAG_MAX_SIZE);
    strncpy((char *)&intf_load.firmware_tag, firmware_tag,
            GB_FIRMWARE_U_TAG_MAX_SIZE - 1);

There isn't a need to do the memset()...
regards, dan carpenter
On Tue, Oct 14, 2025 at 12:10:50PM -0400, Vivek BalachandharTN wrote:
Hi Dan,
Thanks again—confirmed the structs are zero-initialized before the copy.
Would a minimal fix that guarantees NUL-termination be acceptable, e.g.:
    strncpy((char *)&intf_load.firmware_tag, firmware_tag,
            GB_FIRMWARE_U_TAG_MAX_SIZE - 1);
    ((char *)&intf_load.firmware_tag)[GB_FIRMWARE_U_TAG_MAX_SIZE - 1] = '\0';
I can respin as v2 with the same change applied to the other two firmware_tag fields.
Sorry, I should have explained this at the start... The struct is initialized to zero. The strncpy() copies at most "GB_FIRMWARE_U_TAG_MAX_SIZE - 1" characters, meaning we never copy anything to the last character which stays as zero.
regards, dan carpenter
Hi Dan,
Thanks for clarifying. That makes sense — since the struct starts zeroed and the last byte remains untouched, the current code is already safe. I’ll drop this patch.
Appreciate the quick guidance.
Best Vivek
On 2025-10-14 1:13 p.m., Dan Carpenter wrote:
On Tue, Oct 14, 2025 at 12:10:50PM -0400, Vivek BalachandharTN wrote:
Hi Dan,
Thanks again—confirmed the structs are zero-initialized before the copy.
Would a minimal fix that guarantees NUL-termination be acceptable, e.g.:
    strncpy((char *)&intf_load.firmware_tag, firmware_tag,
            GB_FIRMWARE_U_TAG_MAX_SIZE - 1);
    ((char *)&intf_load.firmware_tag)[GB_FIRMWARE_U_TAG_MAX_SIZE - 1] = '\0';
I can respin as v2 with the same change applied to the other two firmware_tag fields.
Sorry, I should have explained this at the start... The struct is initialized to zero. The strncpy() copies at most "GB_FIRMWARE_U_TAG_MAX_SIZE - 1" characters, meaning we never copy anything to the last character which stays as zero.
regards, dan carpenter
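The termination argument from the thread, as an added example that is not code from the patch or from the greybus sample: it shows when a strncpy() into a fixed-size tag field leaves a NUL in the field, depending on the bound and on whether the struct was zeroed first, and adds a libc-only copy that always terminates and zero-pads. TAG_MAX (standing in for GB_FIRMWARE_U_TAG_MAX_SIZE), struct fw_req, copy_tag() and tag_copy_pad() are assumed names for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TAG_MAX 10 /* assumed stand-in for GB_FIRMWARE_U_TAG_MAX_SIZE */

struct fw_req { /* hypothetical request with a fixed-size tag field */
	unsigned char firmware_tag[TAG_MAX];
};

/* Fill the struct with `fill`, strncpy() the tag using `bound`, and
 * report whether a NUL ended up inside the tag field (1) or not (0). */
static int copy_tag(struct fw_req *r, const char *tag, size_t bound, int fill)
{
	memset(r, fill, sizeof(*r));
	strncpy((char *)r->firmware_tag, tag, bound);
	return memchr(r->firmware_tag, '\0', TAG_MAX) != NULL;
}

/* Hypothetical userspace helper: always terminates and zero-pads dst.
 * Returns the copied length, or -1 if the source had to be truncated. */
static long tag_copy_pad(char *dst, const char *src, size_t size)
{
	size_t len = 0;

	if (size == 0)
		return -1;
	while (len < size - 1 && src[len] != '\0')
		len++;
	memcpy(dst, src, len);
	memset(dst + len, 0, size - len);
	return src[len] == '\0' ? (long)len : -1;
}

int main(void)
{
	struct fw_req r;
	const char *exact = "0123456789"; /* constructed: exactly TAG_MAX chars */

	printf("full bound, zeroed struct:   %d\n", copy_tag(&r, exact, TAG_MAX, 0));
	printf("size - 1, zeroed struct:     %d\n", copy_tag(&r, exact, TAG_MAX - 1, 0));
	printf("size - 1, non-zeroed struct: %d\n", copy_tag(&r, exact, TAG_MAX - 1, 0xAA));
	printf("size - 1, short tag, dirty:  %d\n", copy_tag(&r, "s2l", TAG_MAX - 1, 0xAA));
	printf("tag_copy_pad on long tag:    %ld\n",
	       tag_copy_pad((char *)r.firmware_tag, exact, TAG_MAX));
	return 0;
}
```

The short tag is terminated even in a non-zeroed struct because strncpy() pads with NULs up to the bound; only a tag of at least bound characters depends on the last byte having been zeroed beforehand.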