From: Timur Tabi Date: Thu, 15 Sep 2011 21:44:54 +0000 (-0500) Subject: drivers/video: fsl-diu-fb: fix potential memcpy buffer overflow bug X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ec02dd23dc423cf019f660a63ac9c9d54840a473;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git drivers/video: fsl-diu-fb: fix potential memcpy buffer overflow bug It makes no sense to limit the size of a strncpy() to the length of the source string. Signed-off-by: Timur Tabi Signed-off-by: Florian Tobias Schandinat --- diff --git a/drivers/video/fsl-diu-fb.c b/drivers/video/fsl-diu-fb.c index 19bfbf5bb980..3776949d6183 100644 --- a/drivers/video/fsl-diu-fb.c +++ b/drivers/video/fsl-diu-fb.c @@ -655,7 +655,7 @@ static void set_fix(struct fb_info *info) struct fb_var_screeninfo *var = &info->var; struct mfb_info *mfbi = info->par; - strncpy(fix->id, mfbi->id, strlen(mfbi->id)); + strncpy(fix->id, mfbi->id, sizeof(fix->id)); fix->line_length = var->xres_virtual * var->bits_per_pixel / 8; fix->type = FB_TYPE_PACKED_PIXELS; fix->accel = FB_ACCEL_NONE;