From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sasha Levin <sashal@kernel.org>, linux-fbdev@vger.kernel.org, Antonino Daplas <adaplas@gmail.com>, Helge Deller <deller@gmx.de>, dri-devel@lists.freedesktop.org, tomi.valkeinen@ti.com, Tim Gardner <tim.gardner@canonical.com>
Subject: [PATCH AUTOSEL 4.14 01/20] video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
Date: Wed, 30 Mar 2022 07:53:17 -0400
Message-ID: <20220330115336.1672930-1-sashal@kernel.org>

From: Tim Gardner <tim.gardner@canonical.com>

[ Upstream commit 37a1a2e6eeeb101285cd34e12e48a881524701aa ]

Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examining the call sites.

CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
 89 strcpy(chan->adapter.name, name);

Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer.

Cc: Antonino Daplas <adaplas@gmail.com>
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/nvidia/nv_i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/nvidia/nv_i2c.c b/drivers/video/fbdev/nvidia/nv_i2c.c index d7994a173245..0b48965a6420 100644 --- a/drivers/video/fbdev/nvidia/nv_i2c.c +++ b/drivers/video/fbdev/nvidia/nv_i2c.c 
@@ -86,7 +86,7 @@ static int nvidia_setup_i2c_bus(struct nvidia_i2c_chan *chan, const char *name, { int rc; - strcpy(chan->adapter.name, name); + strscpy(chan->adapter.name, name, sizeof(chan->adapter.name)); chan->adapter.owner = THIS_MODULE; chan->adapter.class = i2c_class; chan->adapter.algo_data = &chan->algo; -- 2.34.1
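Review bot: the return value of the new strscpy() call in nvidia_setup_i2c_bus() is discarded, so a name that does not fit in chan->adapter.name (48 bytes per the Coverity report) is now truncated silently rather than reported. strscpy() returns -E2BIG when the source does not fit, and this function already declares `int rc` and returns int, so the result could be checked and propagated, or at least logged. If truncating the adapter name is considered harmless, say so in the commit message. The subject line also says "prevent buffer overflow" while the body concludes that the overflow cannot happen at the current call sites; for a stable backport it would help to state plainly that this is hardening and a warning fix, not a fix for a reachable overflow.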