video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Coverity complains of a possible buffer overflow. However,
given the 'static' scope of nvidia_setup_i2c_bus() it looks
like that can't happen after examiniing the call sites.

CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string
chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the
source argument is a parameter of the current function.
89 strcpy(chan->adapter.name, name);

Fix this warning by using strscpy() which will silence the warning and
prevent any future buffer overflows should the names used to identify the
channel become much longer.

Cc: Antonino Daplas <adaplas@gmail.com>
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Helge Deller <deller@gmx.de>

authored by

Tim Gardner and committed by

Helge Deller 4 years ago 37a1a2e6 1e3c3e61

+1 -1

1 changed file

expand all

drivers

video

fbdev

nvidia

nv_i2c.c

+1 -1

drivers/video/fbdev/nvidia/nv_i2c.c

··· 86 86 { 87 87 int rc; 88 88 89 - strcpy(chan->adapter.name, name); 89 + strscpy(chan->adapter.name, name, sizeof(chan->adapter.name)); 90 90 chan->adapter.owner = THIS_MODULE; 91 91 chan->adapter.class = i2c_class; 92 92 chan->adapter.algo_data = &chan->algo;