[PATCH 1/3] staging: fbtft: use strncpy instead of strcpy

Sudip Mukherjee sudipm.mukherjee at gmail.com
Sat Sep 5 13:43:43 UTC 2015


Using strcpy() is a security risk as the destination buffer size is not
checked and we may over-run the buffer. Use strncpy() instead, while
mentioning the buffer size leaving place for the NULL termination.

Signed-off-by: Sudip Mukherjee <sudip at vectorindia.org>
---
 drivers/staging/fbtft/fbtft_device.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft_device.c b/drivers/staging/fbtft/fbtft_device.c
index 0483d33..3856c88 100644
--- a/drivers/staging/fbtft/fbtft_device.c
+++ b/drivers/staging/fbtft/fbtft_device.c
@@ -1342,7 +1342,8 @@ static int __init fbtft_device_init(void)
 				p_name, p_num);
 			return -EINVAL;
 		}
-		strcpy(fbtft_device_param_gpios[i].name, p_name);
+		strncpy(fbtft_device_param_gpios[i].name, p_name,
+			FBTFT_GPIO_NAME_SIZE - 1);
 		fbtft_device_param_gpios[i++].gpio = (int) val;
 		if (i == MAX_GPIOS) {
 			pr_err(DRVNAME
-- 
1.9.1



More information about the devel mailing list