Commit ec02dd23 authored by Timur Tabi's avatar Timur Tabi Committed by Florian Tobias Schandinat

drivers/video: fsl-diu-fb: fix potential memcpy buffer overflow bug

It makes no sense to limit the size of a strncpy() to the length of
the source string.
Signed-off-by: default avatarTimur Tabi <timur@freescale.com>
Signed-off-by: default avatarFlorian Tobias Schandinat <FlorianSchandinat@gmx.de>
parent f8c6bf6a
...@@ -655,7 +655,7 @@ static void set_fix(struct fb_info *info) ...@@ -655,7 +655,7 @@ static void set_fix(struct fb_info *info)
struct fb_var_screeninfo *var = &info->var; struct fb_var_screeninfo *var = &info->var;
struct mfb_info *mfbi = info->par; struct mfb_info *mfbi = info->par;
strncpy(fix->id, mfbi->id, strlen(mfbi->id)); strncpy(fix->id, mfbi->id, sizeof(fix->id));
fix->line_length = var->xres_virtual * var->bits_per_pixel / 8; fix->line_length = var->xres_virtual * var->bits_per_pixel / 8;
fix->type = FB_TYPE_PACKED_PIXELS; fix->type = FB_TYPE_PACKED_PIXELS;
fix->accel = FB_ACCEL_NONE; fix->accel = FB_ACCEL_NONE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment