strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.
Changelog v1 -> v2
- Add two new commits to clean the code.
- Use the "%*ph" format specifier instead of strscpy() function (Geert Uytterhoeven)
Changelog v2 -> v3
- Change the initialization of the "j" variable in the "for" loop and update the code accordingly (Andy Shevchenko).
- Improve the commit message to inform that the "%*ph" replacement won't cut output earlier than requested (Andy Shevchenko).
- Don't remove the braces in the "if" statement due to the presence of the comment (Geert Uytterhoeven).
Len Baker (3):
  staging/fbtft: Remove all strcpy() uses
  staging/fbtft: Remove unnecessary variable initialization
  staging/fbtft: Fix braces coding style
 drivers/staging/fbtft/fbtft-core.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
-- 2.25.1
strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. The safe replacement is strscpy() but in this case it is simpler to use the "%*ph" format specifier.
Moreover, with the "0x%02X " in the sprintf followed by the strcat, the msg buffer (now removed) can print 128/5 values (25 hex values). So, the "%*ph" replacement won't cut output earlier than requested since this format specifier can print up to 64 bytes.
Signed-off-by: Len Baker len.baker@gmx.com
---
 drivers/staging/fbtft/fbtft-core.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c index 3723269890d5..e6286043bff7 100644 --- a/drivers/staging/fbtft/fbtft-core.c +++ b/drivers/staging/fbtft/fbtft-core.c @@ -992,8 +992,6 @@ static int fbtft_init_display_from_property(struct fbtft_par *par) int fbtft_init_display(struct fbtft_par *par) { int buf[64]; - char msg[128]; - char str[16]; int i = 0; int j;
@@ -1036,17 +1034,14 @@ int fbtft_init_display(struct fbtft_par *par) switch (par->init_sequence[i]) { case -1: i++; + /* make debug message */ - strcpy(msg, ""); - j = i + 1; - while (par->init_sequence[j] >= 0) { - sprintf(str, "0x%02X ", par->init_sequence[j]); - strcat(msg, str); - j++; - } + for (j = 0; par->init_sequence[i + 1 + j] >= 0; j++); + fbtft_par_dbg(DEBUG_INIT_DISPLAY, par, - "init: write(0x%02X) %s\n", - par->init_sequence[i], msg); + "init: write(0x%02X) %*ph\n", + par->init_sequence[i], j, + &par->init_sequence[i + 1]);
/* Write */ j = 0; -- 2.25.1
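Review bot: In the fbtft_par_dbg() call, "%*ph" with a length of j dumps j bytes starting at &par->init_sequence[i + 1], whereas the removed sprintf() loop printed j array elements. The elements are signed and carry markers such as -1 (see `case -1:` and the `>= 0` test), so unless each element is exactly one byte wide the new message no longer shows the same parameter list: it would cover only part of the sequence and include the extra bytes of each element. Please confirm the element type and, if it is wider than a byte, either keep a bounded per-element loop or state in the commit message that the debug output format changes. Separately, the counting loop `for (j = 0; ...; j++);` ends in a bare semicolon on the same line; an explicit empty body on its own line is harder to misread.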
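The capacity argument in the commit message above (128/5 = 25 values in msg, up to 64 bytes for "%*ph"), as an added userspace example that is not part of the patch or of the kernel source. build_msg_bounded() and hex_dump_ph() are hypothetical helpers; hex_dump_ph() only imitates the "%*ph" output format, and the sample arrays are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 128	/* the removed "char msg[128]" */
#define PH_MAX 64	/* "%*ph" dumps at most 64 bytes */
/* Bytes the removed loop writes for n values <= 0xFF: "0xNN " each, plus NUL */
#define LEGACY_BYTES(n) (5 * (size_t)(n) + 1)

/* Same "0xNN " output, bounded: returns how many parameters fit in msg. */
static size_t build_msg_bounded(char *msg, size_t size, const int *seq, size_t n)
{
	size_t used = 0, i;
	if (size == 0)
		return 0;
	msg[0] = '\0';
	for (i = 0; i < n; i++) {
		int w = snprintf(msg + used, size - used, "0x%02X ", (unsigned int)seq[i]);
		if (w < 0 || (size_t)w >= size - used) {
			msg[used] = '\0';	/* drop the partial item */
			break;
		}
		used += (size_t)w;
	}
	return i;
}

/* Userspace stand-in for "%*ph": lowercase hex, space separated, capped
 * at PH_MAX bytes. Returns the number of bytes dumped. */
static size_t hex_dump_ph(char *dst, size_t size, const unsigned char *p, size_t len)
{
	size_t used = 0, i;
	if (size == 0)
		return 0;
	dst[0] = '\0';
	if (len > PH_MAX)
		len = PH_MAX;
	for (i = 0; i < len && size - used >= 4; i++)
		used += (size_t)snprintf(dst + used, size - used, i ? " %02x" : "%02x", p[i]);
	return i;
}

int main(void)
{
	int seq[30] = { 0 };		/* constructed sample input */
	unsigned char raw[100] = { 0 };	/* constructed sample input */
	char msg[MSG_SIZE], dump[3 * PH_MAX];
	printf("0xNN: %zu of 30 fit\n", build_msg_bounded(msg, sizeof(msg), seq, 30));
	printf("ph: %zu of 100 dumped\n", hex_dump_ph(dump, sizeof(dump), raw, 100));
	return 0;
}
```

With 26 or more parameters the removed strcat() loop would have needed more than the 128 bytes of msg, which is the overflow the patch eliminates.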
Remove the initialization of the variable "i" since it is written a few lines later.
Signed-off-by: Len Baker len.baker@gmx.com
---
 drivers/staging/fbtft/fbtft-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c index e6286043bff7..ed896049118c 100644 --- a/drivers/staging/fbtft/fbtft-core.c +++ b/drivers/staging/fbtft/fbtft-core.c @@ -992,7 +992,7 @@ static int fbtft_init_display_from_property(struct fbtft_par *par) int fbtft_init_display(struct fbtft_par *par) { int buf[64]; - int i = 0; + int i; int j;
/* sanity check */ -- 2.25.1
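Review bot: The commit message for the `int i;` change says the variable "is written a few lines later" without naming where, and the hunk shows only the declarations, so the claim cannot be checked from the patch itself. Naming the first write in the message (for example the `for (i = 0; ...` stop-marker loop visible in the braces patch of this series) and confirming that no path reads i before it would let a reviewer verify that dropping the initializer does not introduce an uninitialized read.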
Add braces to the "for" loop. This way, the kernel coding style is followed.
Signed-off-by: Len Baker len.baker@gmx.com
---
 drivers/staging/fbtft/fbtft-core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c index ed896049118c..ed992ca605eb 100644 --- a/drivers/staging/fbtft/fbtft-core.c +++ b/drivers/staging/fbtft/fbtft-core.c @@ -1003,9 +1003,11 @@ int fbtft_init_display(struct fbtft_par *par) }
/* make sure stop marker exists */ - for (i = 0; i < FBTFT_MAX_INIT_SEQUENCE; i++) + for (i = 0; i < FBTFT_MAX_INIT_SEQUENCE; i++) { if (par->init_sequence[i] == -3) break; + } + if (i == FBTFT_MAX_INIT_SEQUENCE) { dev_err(par->info->device, "missing stop marker at end of init sequence\n"); -- 2.25.1
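Review bot: The commit message mentions only the braces on the "for" loop, but the hunk also inserts a blank line before `if (i == FBTFT_MAX_INIT_SEQUENCE) {`; mention it in the message or drop it so the patch does one thing. Citing the rule being applied (the kernel coding style asks for braces when a loop contains more than a single simple statement) would also make the one-line message self-explanatory.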
On Sun, Aug 1, 2021 at 11:53 AM Len Baker len.baker@gmx.com wrote:
> strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
>
> Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.

I don't see patch 3 (even on lore.kernel.org).

Greg, Geert, does it make sense to move this driver outside of staging? I would volunteer to maintain it there.

> Changelog v1 -> v2
> - Add two new commits to clean the code.
> - Use the "%*ph" format specifier instead of strscpy() function (Geert Uytterhoeven)
> Changelog v2 -> v3
> - Change the initialization of the "j" variable in the "for" loop and update the code accordingly (Andy Shevchenko).
> - Improve the commit message to inform that the "%*ph" replacement won't cut output earlier than requested (Andy Shevchenko).
> - Don't remove the braces in the "if" statement due to the presence of the comment (Geert Uytterhoeven).
> Len Baker (3):
>   staging/fbtft: Remove all strcpy() uses
>   staging/fbtft: Remove unnecessary variable initialization
>   staging/fbtft: Fix braces coding style
>  drivers/staging/fbtft/fbtft-core.c | 23 ++++++++++-------------
>  1 file changed, 10 insertions(+), 13 deletions(-)
> -- 2.25.1

Hi Andy,
On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> On Sun, Aug 1, 2021 at 11:53 AM Len Baker len.baker@gmx.com wrote:
> > strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
> >
> > Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.
>
> I don't see patch 3 (even on lore.kernel.org).

Due to my email provider restrictions (number of emails per hour), I need to send an email every x time.
Regards, Len
On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> On Sun, Aug 1, 2021 at 11:53 AM Len Baker len.baker@gmx.com wrote:
> > strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
> >
> > Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.
>
> I don't see patch 3 (even on lore.kernel.org).
>
> Greg, Geert, does it make sense to move this driver outside of staging?

If you clean up everything that needs to be done, yes, please do.
thanks,
greg k-h
On Thu, Aug 5, 2021 at 2:18 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
> On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> > On Sun, Aug 1, 2021 at 11:53 AM Len Baker len.baker@gmx.com wrote:
> > > strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
> > >
> > > Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.
> >
> > I don't see patch 3 (even on lore.kernel.org).
> >
> > Greg, Geert, does it make sense to move this driver outside of staging?
>
> If you clean up everything that needs to be done, yes, please do.

Do we have a clear TODO for that?
The current one has the item which is not feasible to achieve in reasonable time. Some of those drivers won't be converted to tiny DRM. So the idea is to keep this out of staging in the maintenance phase (as it currently states, i.e. no new drivers accepted). For the rest I'm not sure what else can be done (checkpatch? coccinelle?). Actually the first sentence in this paragraph is a motivation for moving out of staging.
On Thu, Aug 05, 2021 at 02:30:35PM +0300, Andy Shevchenko wrote:
> On Thu, Aug 5, 2021 at 2:18 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
> > On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> > > On Sun, Aug 1, 2021 at 11:53 AM Len Baker len.baker@gmx.com wrote:
> > > > strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
> > > >
> > > > Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.
> > >
> > > I don't see patch 3 (even on lore.kernel.org).
> > >
> > > Greg, Geert, does it make sense to move this driver outside of staging?
> >
> > If you clean up everything that needs to be done, yes, please do.
>
> Do we have a clear TODO for that?
>
> The current one has the item which is not feasible to achieve in reasonable time. Some of those drivers won't be converted to tiny DRM. So the idea is to keep this out of staging in the maintenance phase (as it currently states, i.e. no new drivers accepted). For the rest I'm not sure what else can be done (checkpatch? coccinelle?). Actually the first sentence in this paragraph is a motivation for moving out of staging.

Take it up with the DRM developers/maintainers. If they approve for this to move out of staging without being converted over to use tiny DRM, then I am fine to move it out.
thanks,
greg k-h
+Cc: David, Daniel, Noralf.
The idea is to move fbtft under drivers/fbdev on the same terms, i.e. no acceptance of the new drivers there. The rationale is that for some of the panels it (fbtft) will be the only driver and nobody will convert it to tiny DRM. See more below.
On Thu, Aug 5, 2021 at 2:38 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
> On Thu, Aug 05, 2021 at 02:30:35PM +0300, Andy Shevchenko wrote:
> > On Thu, Aug 5, 2021 at 2:18 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
> > > On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> > > > On Sun, Aug 1, 2021 at 11:53 AM Len Baker len.baker@gmx.com wrote:
> > > > > strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. So, this series removes all strcpy uses from the "staging/fbtft" subsystem.
> > > > >
> > > > > Also, refactor the code a bit to follow the kernel coding-style and avoid unnecessary variable initialization.
> > > >
> > > > I don't see patch 3 (even on lore.kernel.org).
> > > >
> > > > Greg, Geert, does it make sense to move this driver outside of staging?
> > >
> > > If you clean up everything that needs to be done, yes, please do.
> >
> > Do we have a clear TODO for that?
> >
> > The current one has the item which is not feasible to achieve in reasonable time. Some of those drivers won't be converted to tiny DRM. So the idea is to keep this out of staging in the maintenance phase (as it currently states, i.e. no new drivers accepted). For the rest I'm not sure what else can be done (checkpatch? coccinelle?). Actually the first sentence in this paragraph is a motivation for moving out of staging.
>
> Take it up with the DRM developers/maintainers. If they approve for this to move out of staging without being converted over to use tiny DRM, then I am fine to move it out.

Got it. Cc'ed this to corresponding people.
dri-devel@lists.freedesktop.org