Kees Cook [off-list ref] wrote:

Using memcpy() from a string that is shorter than the length copied means
the destination buffer is being filled with arbitrary data from the kernel
rodata segment. Instead, redefine the stat strings to be ETH_GSTRING_LEN
sizes, like other drivers. This lets us use a single memcpy that does not
leak rodata contents. Additionally adjust indentation to keep checkpatch.pl
happy.

This was found with the future CONFIG_FORTIFY_SOURCE feature.

Cc: Daniel Micay <redacted>
Signed-off-by: Kees Cook <redacted>

Patch applied to wireless-drivers-next.git, thanks.

12e3c0433e8a libertas: Avoid reading past end of buffer

-- 
https://patchwork.kernel.org/patch/9727997/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches