2021-08-01 08:54:32

by Len Baker

Subject: [PATCH v3 0/3] Remove all strcpy() uses

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. So, this series removes all strcpy uses
from the "staging/fbtft" subsystem.

Also, refactor the code a bit to follow the kernel coding-style and
avoid unnecessary variable initialization.

Changelog v1 -> v2
- Add two new commits to clean the code.
- Use the "%*ph" format specifier instead of strscpy() function (Geert
Uytterhoeven)

Changelog v2 -> v3
- Change the initialization of the "j" variable in the "for" loop and
update the code accordingly (Andy Shevchenko).
- Improve the commit message to inform that the "%*ph" replacement
won't cut output earlier than requested (Andy Shevchenko).
- Don't remove the braces in the "if" statement due to the presence of
the comment (Geert Uytterhoeven).

Len Baker (3):
staging/fbtft: Remove all strcpy() uses
staging/fbtft: Remove unnecessary variable initialization
staging/fbtft: Fix braces coding style

drivers/staging/fbtft/fbtft-core.c | 23 ++++++++++-------------
1 file changed, 10 insertions(+), 13 deletions(-)

--
2.25.1



2021-08-01 09:55:36

by Len Baker

Subject: [PATCH v3 1/3] staging/fbtft: Remove all strcpy() uses

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy() but in
this case it is simpler to use the "%*ph" format specifier.

Moreover, with the "0x%02X " in the sprintf followed by the strcat, the
msg buffer (now removed) can print 128/5 values (25 hex values). So, the
"%*ph" replacement won't cut output earlier than requested since this
format specifier can print up to 64 bytes.

Signed-off-by: Len Baker <[email protected]>
---
drivers/staging/fbtft/fbtft-core.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index 3723269890d5..e6286043bff7 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -992,8 +992,6 @@ static int fbtft_init_display_from_property(struct fbtft_par *par)
int fbtft_init_display(struct fbtft_par *par)
{
int buf[64];
- char msg[128];
- char str[16];
int i = 0;
int j;

@@ -1036,17 +1034,14 @@ int fbtft_init_display(struct fbtft_par *par)
switch (par->init_sequence[i]) {
case -1:
i++;
+
/* make debug message */
- strcpy(msg, "");
- j = i + 1;
- while (par->init_sequence[j] >= 0) {
- sprintf(str, "0x%02X ", par->init_sequence[j]);
- strcat(msg, str);
- j++;
- }
+ for (j = 0; par->init_sequence[i + 1 + j] >= 0; j++);
+
fbtft_par_dbg(DEBUG_INIT_DISPLAY, par,
- "init: write(0x%02X) %s\n",
- par->init_sequence[i], msg);
+ "init: write(0x%02X) %*ph\n",
+ par->init_sequence[i], j,
+ &par->init_sequence[i + 1]);

/* Write */
j = 0;
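Review bot: In the fbtft_par_dbg() call, `%*ph` is given `j` as its length, but `j` counts init_sequence elements while `%*ph` dumps that many raw bytes starting at `&par->init_sequence[i + 1]`. The element type is not visible in this hunk; since the array carries negative markers and the old code printed each element with `0x%02X`, please confirm it is one byte wide, otherwise the debug line will show only part of the parameters, split into bytes in memory order, rather than the j values the old loop printed. If the elements are wider, keep a per-element format with a bounded writer, or copy the values into a u8 buffer before printing. Separately, `for (j = 0; ...; j++);` hides an empty body behind a trailing semicolon; put the `;` on its own line or add a comment so it is not read as a loop over the following statement.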
--
2.25.1
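Added example, not part of the patch or of the fbtft driver: a userspace C model of the capacity argument in the commit message above (a 128-byte msg buffer filled with 5-character "0xNN " items), written with a bounded formatter in place of the removed sprintf()/strcat() loop. The names format_seq and demo_fill, the int element type and the input values are assumptions constructed for this illustration; it also shows that the 128/5 estimate only holds while every value fits in two hex digits.

```c
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 128 /* size of the msg[] buffer removed by the patch */

/*
 * Format values from seq[] as "0xNN " until the first negative marker or
 * until the next value no longer fits in dst. Returns the number of values
 * written; dst is always NUL-terminated and never written past dstsz.
 * (Hypothetical helper; seq and its int element type are assumptions.)
 */
static size_t format_seq(char *dst, size_t dstsz, const int *seq)
{
	size_t used = 0, n = 0;

	if (dstsz == 0)
		return 0;
	dst[0] = '\0';
	while (seq[n] >= 0) {
		int len = snprintf(dst + used, dstsz - used, "0x%02X ",
				   (unsigned int)seq[n]);

		if (len < 0 || (size_t)len >= dstsz - used) {
			dst[used] = '\0'; /* drop the partially written value */
			break;
		}
		used += (size_t)len;
		n++;
	}
	return n;
}

/* Constructed input: up to 64 values base, base+1, ... then a -3 marker. */
static size_t demo_fill(char *msg, size_t msgsz, int count, int base)
{
	int seq[65];
	int k;

	for (k = 0; k < count && k < 64; k++)
		seq[k] = base + k;
	seq[k] = -3;
	return format_seq(msg, msgsz, seq);
}

int main(void)
{
	char msg[MSG_SIZE];
	size_t n = demo_fill(msg, sizeof(msg), 40, 0);

	printf("%zu values, %zu chars\n", n, strlen(msg));
	return 0;
}
```

With 40 byte-sized values the formatter stops at 25, the figure given in the commit message; the unbounded strcat() loop would have kept writing past the end of msg at that point.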


2021-08-01 10:53:46

by Len Baker

Subject: [PATCH v3 2/3] staging/fbtft: Remove unnecessary variable initialization

Remove the initialization of the variable "i" since it is written a few
lines later.

Signed-off-by: Len Baker <[email protected]>
---
drivers/staging/fbtft/fbtft-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index e6286043bff7..ed896049118c 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -992,7 +992,7 @@ static int fbtft_init_display_from_property(struct fbtft_par *par)
int fbtft_init_display(struct fbtft_par *par)
{
int buf[64];
- int i = 0;
+ int i;
int j;

/* sanity check */
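Review bot: Dropping the `= 0` from `int i` is only safe if nothing between the declaration and the first assignment reads `i`; the hunk shows a `/* sanity check */` block directly after the declarations, so the commit message should name the statement that first writes `i` instead of "a few lines later". A build of this function with -Wmaybe-uninitialized would back that up.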
--
2.25.1


2021-08-01 11:44:39

by Andy Shevchenko

Subject: Re: [PATCH v3 0/3] Remove all strcpy() uses

On Sun, Aug 1, 2021 at 11:53 AM Len Baker <[email protected]> wrote:
>
> strcpy() performs no bounds checking on the destination buffer. This
> could result in linear overflows beyond the end of the buffer, leading
> to all kinds of misbehaviors. So, this series removes all strcpy uses
> from the "staging/fbtft" subsystem.
>
> Also, refactor the code a bit to follow the kernel coding-style and
> avoid unnecessary variable initialization.

I don't see patch 3 (even on lore.kernel.org).

Greg, Geert, does it make sense to move this driver outside of staging?
I would volunteer to maintain it there.

> Changelog v1 -> v2
> - Add two new commits to clean the code.
> - Use the "%*ph" format specifier instead of strscpy() function (Geert
> Uytterhoeven)
>
> Changelog v2 -> v3
> - Change the initialization of the "j" variable in the "for" loop and
> update the code accordingly (Andy Shevchenko).
> - Improve the commit message to inform that the "%*ph" replacement
> won't cut output earlier than requested (Andy Shevchenko).
> - Don't remove the braces in the "if" statement due to the presence of
> the comment (Geert Uytterhoeven).
>
> Len Baker (3):
> staging/fbtft: Remove all strcpy() uses
> staging/fbtft: Remove unnecessary variable initialization
> staging/fbtft: Fix braces coding style
>
> drivers/staging/fbtft/fbtft-core.c | 23 ++++++++++-------------
> 1 file changed, 10 insertions(+), 13 deletions(-)
>
> --
> 2.25.1
>


--
With Best Regards,
Andy Shevchenko

2021-08-01 11:54:23

by Len Baker

Subject: [PATCH v3 3/3] staging/fbtft: Fix braces coding style

Add braces to the "for" loop. This way, the kernel coding style is
followed.

Signed-off-by: Len Baker <[email protected]>
---
drivers/staging/fbtft/fbtft-core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index ed896049118c..ed992ca605eb 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -1003,9 +1003,11 @@ int fbtft_init_display(struct fbtft_par *par)
}

/* make sure stop marker exists */
- for (i = 0; i < FBTFT_MAX_INIT_SEQUENCE; i++)
+ for (i = 0; i < FBTFT_MAX_INIT_SEQUENCE; i++) {
if (par->init_sequence[i] == -3)
break;
+ }
+
if (i == FBTFT_MAX_INIT_SEQUENCE) {
dev_err(par->info->device,
"missing stop marker at end of init sequence\n");
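Review bot: The braces added around the `for (i = 0; i < FBTFT_MAX_INIT_SEQUENCE; i++)` loop are right, but the commit message only says the kernel coding style is followed; state the rule being applied, namely that a loop whose body is more than a single simple statement (here an `if` with a `break`) takes braces, so the change is not later undone as a redundant-brace cleanup. The blank line added before `if (i == FBTFT_MAX_INIT_SEQUENCE)` is a separate whitespace change and deserves a mention in the message as well.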
--
2.25.1


2021-08-01 13:38:34

by Len Baker

Subject: Re: [PATCH v3 0/3] Remove all strcpy() uses

Hi Andy,

On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> On Sun, Aug 1, 2021 at 11:53 AM Len Baker <[email protected]> wrote:
> >
> > strcpy() performs no bounds checking on the destination buffer. This
> > could result in linear overflows beyond the end of the buffer, leading
> > to all kinds of misbehaviors. So, this series removes all strcpy uses
> > from the "staging/fbtft" subsystem.
> >
> > Also, refactor the code a bit to follow the kernel coding-style and
> > avoid unnecessary variable initialization.
>
> I don't see patch 3 (even on lore.kernel.org).

Due to my email provider restrictions (number of emails per hour), I
need to send an email every x time.

Regards,
Len

2021-08-05 11:19:50

by Greg Kroah-Hartman

Subject: Re: [PATCH v3 0/3] Remove all strcpy() uses

On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> On Sun, Aug 1, 2021 at 11:53 AM Len Baker <[email protected]> wrote:
> >
> > strcpy() performs no bounds checking on the destination buffer. This
> > could result in linear overflows beyond the end of the buffer, leading
> > to all kinds of misbehaviors. So, this series removes all strcpy uses
> > from the "staging/fbtft" subsystem.
> >
> > Also, refactor the code a bit to follow the kernel coding-style and
> > avoid unnecessary variable initialization.
>
> I don't see patch 3 (even on lore.kernel.org).
>
> Greg, Geert, does it make sense to move this driver outside of staging?

If you clean up everything that needs to be done, yes, please do.

thanks,

greg k-h

2021-08-05 11:34:50

by Andy Shevchenko

Subject: Re: [PATCH v3 0/3] Remove all strcpy() uses

On Thu, Aug 5, 2021 at 2:18 PM Greg Kroah-Hartman
<[email protected]> wrote:
> On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> > On Sun, Aug 1, 2021 at 11:53 AM Len Baker <[email protected]> wrote:
> > >
> > > strcpy() performs no bounds checking on the destination buffer. This
> > > could result in linear overflows beyond the end of the buffer, leading
> > > to all kinds of misbehaviors. So, this series removes all strcpy uses
> > > from the "staging/fbtft" subsystem.
> > >
> > > Also, refactor the code a bit to follow the kernel coding-style and
> > > avoid unnecessary variable initialization.
> >
> > I don't see patch 3 (even on lore.kernel.org).
> >
> > Greg, Geert, does it make sense to move this driver outside of staging?
>
> If you clean up everything that needs to be done, yes, please do.

Do we have a clear TODO for that?

The current one has the item which is not feasible to achieve in
reasonable time. Some of those drivers won't be converted to tiny DRM.
So the idea is to keep this out of staging in the maintenance phase
(as it currently states, i.e. no new drivers accepted). For the rest
I'm not sure what else can be done (checkpatch? coccinelle?).
Actually the first sentence in this paragraph is a motivation for
moving out of staging.

--
With Best Regards,
Andy Shevchenko

2021-08-05 13:28:45

by Greg Kroah-Hartman

Subject: Re: [PATCH v3 0/3] Remove all strcpy() uses

On Thu, Aug 05, 2021 at 02:30:35PM +0300, Andy Shevchenko wrote:
> On Thu, Aug 5, 2021 at 2:18 PM Greg Kroah-Hartman
> <[email protected]> wrote:
> > On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> > > On Sun, Aug 1, 2021 at 11:53 AM Len Baker <[email protected]> wrote:
> > > >
> > > > strcpy() performs no bounds checking on the destination buffer. This
> > > > could result in linear overflows beyond the end of the buffer, leading
> > > > to all kinds of misbehaviors. So, this series removes all strcpy uses
> > > > from the "staging/fbtft" subsystem.
> > > >
> > > > Also, refactor the code a bit to follow the kernel coding-style and
> > > > avoid unnecessary variable initialization.
> > >
> > > I don't see patch 3 (even on lore.kernel.org).
> > >
> > > Greg, Geert, does it make sense to move this driver outside of staging?
> >
> > If you clean up everything that needs to be done, yes, please do.
>
> Do we have a clear TODO for that?
>
> The current one has the item which is not feasible to achieve in
> reasonable time. Some of those drivers won't be converted to tiny DRM.
> So the idea is to keep this out of staging in the maintenance phase
> (as it currently states, i.e. no new drivers accepted). For the rest
> I'm not sure what else can be done (checkpatch? coccinelle?).
> Actually the first sentence in this paragraph is a motivation for
> moving out of staging.

Take it up with the DRM developers/maintainers. If they approve for
this to move out of staging without being converted over to use tiny
DRM, then I am fine to move it out.

thanks,

greg k-h

2021-08-05 17:33:34

by Andy Shevchenko

Subject: Re: [PATCH v3 0/3] Remove all strcpy() uses

+Cc: David, Daniel, Noralf.

The idea is to move fbtft under drivers/fbdev on the same terms, i.e.
no acceptance of the new drivers there.
The rationale is that for some of the panels it (fbtft) will be the
only driver and nobody will convert it to tiny DRM.
See more below.

On Thu, Aug 5, 2021 at 2:38 PM Greg Kroah-Hartman
<[email protected]> wrote:
> On Thu, Aug 05, 2021 at 02:30:35PM +0300, Andy Shevchenko wrote:
> > On Thu, Aug 5, 2021 at 2:18 PM Greg Kroah-Hartman
> > <[email protected]> wrote:
> > > On Sun, Aug 01, 2021 at 02:40:40PM +0300, Andy Shevchenko wrote:
> > > > On Sun, Aug 1, 2021 at 11:53 AM Len Baker <[email protected]> wrote:
> > > > >
> > > > > strcpy() performs no bounds checking on the destination buffer. This
> > > > > could result in linear overflows beyond the end of the buffer, leading
> > > > > to all kinds of misbehaviors. So, this series removes all strcpy uses
> > > > > from the "staging/fbtft" subsystem.
> > > > >
> > > > > Also, refactor the code a bit to follow the kernel coding-style and
> > > > > avoid unnecessary variable initialization.
> > > >
> > > > I don't see patch 3 (even on lore.kernel.org).
> > > >
> > > > Greg, Geert, does it make sense to move this driver outside of staging?
> > >
> > > If you clean up everything that needs to be done, yes, please do.
> >
> > Do we have a clear TODO for that?
> >
> > The current one has the item which is not feasible to achieve in
> > reasonable time. Some of those drivers won't be converted to tiny DRM.
> > So the idea is to keep this out of staging in the maintenance phase
> > (as it currently states, i.e. no new drivers accepted). For the rest
> > I'm not sure what else can be done (checkpatch? coccinelle?).
> > Actually the first sentence in this paragraph is a motivation for
> > moving out of staging.
>
> Take it up with the DRM developers/maintainers. If they approve for
> this to move out of staging without being converted over to use tiny
> DRM, then I am fine to move it out.

Got it. Cc'ed this to corresponding people.

--
With Best Regards,
Andy Shevchenko