On Wed, Feb 15, 2017 at 11:42:54AM +1100, Tobin C. Harding wrote:
> Module copies a user supplied string (module parameter) into a buffer
> using strncpy() and does not check that the buffer is null terminated.
>
> Replace call to strncpy() with call to strlcpy() ensuring that the
> buffer is null terminated.
>
> Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
> ---
> drivers/staging/fbtft/fbtft_device.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/fbtft/fbtft_device.c b/drivers/staging/fbtft/fbtft_device.c
> index de46f8d..7b7223b 100644
> --- a/drivers/staging/fbtft/fbtft_device.c
> +++ b/drivers/staging/fbtft/fbtft_device.c
> @@ -1483,7 +1483,7 @@ static int __init fbtft_device_init(void)
> displays[i].pdev->name = name;
> displays[i].spi = NULL;
> } else {
> - strncpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
> + strlcpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
Shouldn't we properly check the return value here to know if the buffer
did get truncated? Or do we really care?
thanks,
greg k-h
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
