Patch "video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 2 Apr 2022 12:13:41 -0400

This is a note to let you know that I've just added the patch titled

    video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     video-fbdev-nvidiafb-use-strscpy-to-prevent-buffer-o.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 047781b4cf4aa1c2f3ff33b72fe5fa5247dc4714
Author: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
Date:   Mon Sep 27 09:45:02 2021 -0600

    video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
    
    [ Upstream commit 37a1a2e6eeeb101285cd34e12e48a881524701aa ]
    
    Coverity complains of a possible buffer overflow. However,
    given the 'static' scope of nvidia_setup_i2c_bus() it looks
    like that can't happen after examiniing the call sites.
    
    CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
    1. fixed_size_dest: You might overrun the 48-character fixed-size string
      chan->adapter.name by copying name without checking the length.
    2. parameter_as_source: Note: This defect has an elevated risk because the
      source argument is a parameter of the current function.
     89        strcpy(chan->adapter.name, name);
    
    Fix this warning by using strscpy() which will silence the warning and
    prevent any future buffer overflows should the names used to identify the
    channel become much longer.
    
    Cc: Antonino Daplas <adaplas@xxxxxxxxx>
    Cc: linux-fbdev@xxxxxxxxxxxxxxx
    Cc: dri-devel@xxxxxxxxxxxxxxxxxxxxx
    Cc: linux-kernel@xxxxxxxxxxxxxxx
    Signed-off-by: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
    Signed-off-by: Helge Deller <deller@xxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/video/fbdev/nvidia/nv_i2c.c b/drivers/video/fbdev/nvidia/nv_i2c.c
index d7994a173245..0b48965a6420 100644
--- a/drivers/video/fbdev/nvidia/nv_i2c.c
+++ b/drivers/video/fbdev/nvidia/nv_i2c.c
@@ -86,7 +86,7 @@ static int nvidia_setup_i2c_bus(struct nvidia_i2c_chan *chan, const char *name,
 {
 	int rc;
 
-	strcpy(chan->adapter.name, name);
+	strscpy(chan->adapter.name, name, sizeof(chan->adapter.name));
 	chan->adapter.owner = THIS_MODULE;
 	chan->adapter.class = i2c_class;
 	chan->adapter.algo_data = &chan->algo;






