lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2026020712-creasing-portion-436f@gregkh>
Date: Sat, 7 Feb 2026 14:31:25 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Artem Lytkin <iprintercanon@...il.com>
Cc: Sudip Mukherjee <sudipm.mukherjee@...il.com>,
	Teddy Wang <teddy.wang@...iconmotion.com>,
	linux-fbdev@...r.kernel.org, linux-staging@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 2/5] staging: sm750fb: use strcmp() for exact option
 matching

On Wed, Feb 04, 2026 at 12:05:59PM +0000, Artem Lytkin wrote:
> Replace strncmp(opt, "...", strlen("...")) with strcmp() in option
> parsing functions. Options from strsep() are complete null-terminated
> tokens, so prefix matching via strncmp() could cause false positives
> for options like "noaccelXYZ" matching "noaccel".
> 
> Fixes: 81dee67e215b ("staging: sm750fb: add sm750 to staging")
> Signed-off-by: Artem Lytkin <iprintercanon@...il.com>
> ---
>  drivers/staging/sm750fb/sm750.c | 22 +++++++++++-----------
>  1 file changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c
> index 4c6e84c03..bd2d4a290 100644
> --- a/drivers/staging/sm750fb/sm750.c
> +++ b/drivers/staging/sm750fb/sm750.c
> @@ -937,21 +937,21 @@ static void sm750fb_setup(struct sm750_dev *sm750_dev, char *src)
>  		dev_info(&sm750_dev->pdev->dev, "opt=%s\n", opt);
>  		dev_info(&sm750_dev->pdev->dev, "src=%s\n", src);
>  
> -		if (!strncmp(opt, "swap", strlen("swap"))) {
> +		if (!strcmp(opt, "swap")) {

While I understand the feeling, again, this really isn't doing anything
except cause other code checkers to go "Wait, we can't call strcmp() we
must replace that with strncmp()!"

Please don't replace one warning with another.  Option parsing is a
pain, let's not make it any more of a pain than it is.  Ideally all of
the framebuffer drivers could make some "simple" helper functions to
handle this crazy logic for them, instead of forcing them to all do it
manually :(

Yet another reason all of us want to just delete all of these drivers...

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ