Re: [PATCH 1/4] staging: sm750fb: replace strcat() with memcpy() in lynxfb_setup()

Next message: Namjae Jeon: "[PATCH v7 17/17] MAINTAINERS: update ntfs filesystem entry"
Previous message: Namjae Jeon: "[PATCH v7 08/17] ntfs: update file operations"
In reply to: Dan Carpenter: "Re: [PATCH 3/4] staging: sm750fb: convert pr_* to dev_* logging in sm750.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dan Carpenter

Date: Wed Feb 04 2026 - 04:52:25 EST

On Tue, Feb 03, 2026 at 11:07:55PM +0000, Artem Lytkin wrote:
> Replace deprecated strcat() with memcpy() in option parsing. The
> destination buffer is allocated with kzalloc (zero-filled) and the
> write position is tracked via pointer, making the null-terminator
> scan in strcat() redundant and potentially unsafe.
>
> Signed-off-by: Artem Lytkin <iprintercanon@xxxxxxxxx>
> ---
> drivers/staging/sm750fb/sm750.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c
> index fecd7457e..4c6e84c03 100644
> --- a/drivers/staging/sm750fb/sm750.c
> +++ b/drivers/staging/sm750fb/sm750.c
> @@ -1163,7 +1163,7 @@ static int __init lynxfb_setup(char *options)
> } else if (!strncmp(opt, "dual", strlen("dual"))) {
> g_dualview = 1;
> } else {
> - strcat(tmp, opt);
> + memcpy(tmp, opt, strlen(opt));

This has exactly the same security issues as the original code.

regards,
dan carpenter

> tmp += strlen(opt);
> if (options)
> *tmp++ = ':';
> --
> 2.43.0
>