[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210718133920.15825-1-len.baker@gmx.com>
Date: Sun, 18 Jul 2021 15:39:20 +0200
From: Len Baker <len.baker@....com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Len Baker <len.baker@....com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Phil Reid <preid@...ctromag.com.au>,
dri-devel@...ts.freedesktop.org, linux-fbdev@...r.kernel.org,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: [PATCH] staging/fbtft: Remove all strcpy() uses
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy() but in
this case it is simpler to add NULL to the first position since we want
to empty the string.
This is a previous step in the path to remove the strcpy() function.
Signed-off-by: Len Baker <len.baker@....com>
---
drivers/staging/fbtft/fbtft-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index 3723269890d5..b8791806cb20 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -1037,7 +1037,7 @@ int fbtft_init_display(struct fbtft_par *par)
case -1:
i++;
/* make debug message */
- strcpy(msg, "");
+ msg[0] = 0;
j = i + 1;
while (par->init_sequence[j] >= 0) {
sprintf(str, "0x%02X ", par->init_sequence[j]);
--
2.25.1
Powered by blists - more mailing lists