[PATCH] staging/fbtft: Remove all strcpy() uses

From: Len Baker
Date: Sun Jul 18 2021 - 09:40:08 EST

Next message: syzbot: "Re: [syzbot] BUG: unable to handle kernel paging request in ath9k_htc_rxep"
Previous message: Ani Sinha: "Re: [PATCH v3] checkpatch: add a rule to check general block comment style"
Next in thread: Andy Shevchenko: "Re: [PATCH] staging/fbtft: Remove all strcpy() uses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy() but in
this case it is simpler to add NULL to the first position since we want
to empty the string.

This is a previous step in the path to remove the strcpy() function.

Signed-off-by: Len Baker <len.baker@xxxxxxx>
---
drivers/staging/fbtft/fbtft-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index 3723269890d5..b8791806cb20 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -1037,7 +1037,7 @@ int fbtft_init_display(struct fbtft_par *par)
case -1:
i++;
/* make debug message */
- strcpy(msg, "");
+ msg[0] = 0;
j = i + 1;
while (par->init_sequence[j] >= 0) {
sprintf(str, "0x%02X ", par->init_sequence[j]);
--
2.25.1

Next message: syzbot: "Re: [syzbot] BUG: unable to handle kernel paging request in ath9k_htc_rxep"
Previous message: Ani Sinha: "Re: [PATCH v3] checkpatch: add a rule to check general block comment style"
Next in thread: Andy Shevchenko: "Re: [PATCH] staging/fbtft: Remove all strcpy() uses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]