[PATCH v2] staging: fbtft: fix out of bound access
From: Sudip Mukherjee
Date: Thu Jun 04 2015 - 09:35:10 EST
str was 16 bytes but was mentioned as 128 in snprintf.
again msg is 128 bytes but not sufficient to hold the complete debug
message of register values.
Now removed the use of str, msg and print the register values from the
loop.
Signed-off-by: Sudip Mukherjee <sudip@xxxxxxxxxxxxxxx>
---
v2: removed the use of msg and str.
drivers/staging/fbtft/fbtft-core.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
index ce64521..c1502c3 100644
--- a/drivers/staging/fbtft/fbtft-core.c
+++ b/drivers/staging/fbtft/fbtft-core.c
@@ -1067,8 +1067,6 @@ static int fbtft_init_display_dt(struct fbtft_par *par)
const __be32 *p;
u32 val;
int buf[64], i, j;
- char msg[128];
- char str[16];
fbtft_par_dbg(DEBUG_INIT_DISPLAY, par, "%s()\n", __func__);
@@ -1094,13 +1092,11 @@ static int fbtft_init_display_dt(struct fbtft_par *par)
p = of_prop_next_u32(prop, p, &val);
}
/* make debug message */
- msg[0] = '\0';
- for (j = 0; j < i; j++) {
- snprintf(str, 128, " %02X", buf[j]);
- strcat(msg, str);
- }
fbtft_par_dbg(DEBUG_INIT_DISPLAY, par,
"init: write_register:%s\n", msg);
+ for (j = 0; j < i; j++)
+ fbtft_par_dbg(DEBUG_INIT_DISPLAY, par,
+ "buf[%d] = %02X\n", j, buf[j]);
par->fbtftops.write_register(par, i,
buf[0], buf[1], buf[2], buf[3],
--
1.8.1.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/