All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] drm/amd/display: Fix overflow/truncation from strncpy.
@ 2018-07-20 14:17 Nicholas Kazlauskas
       [not found] ` <20180720141729.6938-1-nicholas.kazlauskas-5C7GfCeVMHo@public.gmane.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Nicholas Kazlauskas @ 2018-07-20 14:17 UTC (permalink / raw)
  To: amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW; +Cc: Nicholas Kazlauskas

[Why]

New GCC warnings for stringop-truncation and stringop-overflow help
catch common misuse of strncpy. This patch suppresses these warnings
by fixing bugs identified by them.

[How]

Since the parameter passed for name in amdpgu_dm_create_common_mode has
no fixed length, if the string is >= DRM_DISPLAY_MODE_LEN then
mode->name will not be null-terminated.

The truncation in fill_audio_info won't actually occur (and the string
will be null-terminated since the buffer is initialized to zero), but
the warning can be suppressed by using the proper buffer size.

This patch fixes both issues by using the real size for the buffer and
making use of strscpy (which always terminates).

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 8e3ebd988043..72d32dfa9f7f 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -2331,9 +2331,9 @@ static void fill_audio_info(struct audio_info *audio_info,
 
 	cea_revision = drm_connector->display_info.cea_rev;
 
-	strncpy(audio_info->display_name,
+	strscpy(audio_info->display_name,
 		edid_caps->display_name,
-		AUDIO_INFO_DISPLAY_NAME_SIZE_IN_CHARS - 1);
+		AUDIO_INFO_DISPLAY_NAME_SIZE_IN_CHARS);
 
 	if (cea_revision >= 3) {
 		audio_info->mode_count = edid_caps->audio_mode_count;
@@ -3449,7 +3449,7 @@ amdgpu_dm_create_common_mode(struct drm_encoder *encoder,
 	mode->hdisplay = hdisplay;
 	mode->vdisplay = vdisplay;
 	mode->type &= ~DRM_MODE_TYPE_PREFERRED;
-	strncpy(mode->name, name, DRM_DISPLAY_MODE_LEN);
+	strscpy(mode->name, name, DRM_DISPLAY_MODE_LEN);
 
 	return mode;
 
-- 
2.17.1

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] drm/amd/display: Fix overflow/truncation from strncpy.
       [not found] ` <20180720141729.6938-1-nicholas.kazlauskas-5C7GfCeVMHo@public.gmane.org>
@ 2018-07-20 15:20   ` Harry Wentland
  0 siblings, 0 replies; 2+ messages in thread
From: Harry Wentland @ 2018-07-20 15:20 UTC (permalink / raw)
  To: Nicholas Kazlauskas, amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW

On 2018-07-20 10:17 AM, Nicholas Kazlauskas wrote:
> [Why]
> 
> New GCC warnings for stringop-truncation and stringop-overflow help
> catch common misuse of strncpy. This patch suppresses these warnings
> by fixing bugs identified by them.
> 
> [How]
> 
> Since the parameter passed for name in amdpgu_dm_create_common_mode has
> no fixed length, if the string is >= DRM_DISPLAY_MODE_LEN then
> mode->name will not be null-terminated.
> 
> The truncation in fill_audio_info won't actually occur (and the string
> will be null-terminated since the buffer is initialized to zero), but
> the warning can be suppressed by using the proper buffer size.
> 
> This patch fixes both issues by using the real size for the buffer and
> making use of strscpy (which always terminates).
> 
> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>

Reviewed-by: Harry Wentland <harry.wentland@amd.com>

Please merge to amd-staging-drm-next and back-merge to the internal tree.

Harry

> ---
>  drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> index 8e3ebd988043..72d32dfa9f7f 100644
> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> @@ -2331,9 +2331,9 @@ static void fill_audio_info(struct audio_info *audio_info,
>  
>  	cea_revision = drm_connector->display_info.cea_rev;
>  
> -	strncpy(audio_info->display_name,
> +	strscpy(audio_info->display_name,
>  		edid_caps->display_name,
> -		AUDIO_INFO_DISPLAY_NAME_SIZE_IN_CHARS - 1);
> +		AUDIO_INFO_DISPLAY_NAME_SIZE_IN_CHARS);
>  
>  	if (cea_revision >= 3) {
>  		audio_info->mode_count = edid_caps->audio_mode_count;
> @@ -3449,7 +3449,7 @@ amdgpu_dm_create_common_mode(struct drm_encoder *encoder,
>  	mode->hdisplay = hdisplay;
>  	mode->vdisplay = vdisplay;
>  	mode->type &= ~DRM_MODE_TYPE_PREFERRED;
> -	strncpy(mode->name, name, DRM_DISPLAY_MODE_LEN);
> +	strscpy(mode->name, name, DRM_DISPLAY_MODE_LEN);
>  
>  	return mode;
>  
> 
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-20 15:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-20 14:17 [PATCH] drm/amd/display: Fix overflow/truncation from strncpy Nicholas Kazlauskas
     [not found] ` <20180720141729.6938-1-nicholas.kazlauskas-5C7GfCeVMHo@public.gmane.org>
2018-07-20 15:20   ` Harry Wentland

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.