strncpy() simply bails out when copying a source string whose size exceeds the destination string size, potentially leaving the destination string unterminated.
One possible way to address is to pass MDIO_NAME_LEN - 1 and a previously zero-initialized destination string, but this is more difficult to maintain.
The chosen alternative is to use strlcpy(), which properly limits the copy len in the (srclen >= size) case to "size - 1", and which is also more efficient than the strncpy() byte-by-byte implementation by using memcpy. The destination string returned by strlcpy() is always NULL terminated.
Signed-off-by: Vladimir Oltean vladimir.oltean@nxp.com --- drivers/net/fsl_mcdmafec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/fsl_mcdmafec.c b/drivers/net/fsl_mcdmafec.c index c20aef4ab28d..e103f79305e7 100644 --- a/drivers/net/fsl_mcdmafec.c +++ b/drivers/net/fsl_mcdmafec.c @@ -541,7 +541,7 @@ static int mcdmafec_probe(struct udevice *dev) info->bus = mdio_alloc(); if (!info->bus) return -ENOMEM; - strncpy(info->bus->name, dev->name, MDIO_NAME_LEN); + strlcpy(info->bus->name, dev->name, MDIO_NAME_LEN); info->bus->read = mcffec_miiphy_read; info->bus->write = mcffec_miiphy_write;