Re: [PATCH] staging: fbtft: fix unaligned access and txbuf safety issues
From: Andy Shevchenko
Date: Thu Jun 25 2026 - 10:06:18 EST
On Thu, Jun 25, 2026 at 07:42:15PM +0800, suryasaimadhu wrote:
> This patch addresses several pre-existing issues in the fbtft driver:
>
> 1. define_fbtft_write_reg(): when par->startbyte is set, buf is
> advanced by one byte creating a misaligned pointer for 16-bit types.
> Use put_unaligned() for register writes and fix the SPI transfer
> size from len * (sizeof(data_type) + offset) to
> len * sizeof(data_type) + offset.
>
> 2. fbtft_write_vmem16_bus8() and fb_ra8875 write_vmem16_bus8(): same
> unaligned 16-bit stores when txbuf is byte-offset for a start
> prefix. Use put_unaligned() for pixel data copies.
>
> 3. tx_array_size underflow: both vmem helpers subtract 2 from
> tx_array_size when a startbyte prefix is used. A small txbuflen
> device property causes unsigned underflow and out-of-bounds heap
> writes. Fall back to the non-buffered write path when the buffer
> is too small.
>
> 4. fb_ra8875 write_vmem16_bus8(): missing NULL check for
> par->txbuf.buf, which remains NULL on big-endian when txbuflen is
> 0 because the PAGE_SIZE fallback is little-endian only. Fall back
> to direct write when the buffer is missing.
>
> Also replace empty modifier arguments in define_fbtft_write_reg() with
> a no-op macro to fix checkpatch warnings.
This looks like v2 of the thing without changelog and addressing the comments
that have been given against v1. I'm not even going to review that.
Please, consolidate feedback, take your time to study process documentation
(Documentation/process/* in the Linux kernel source tree) and try again a bit
later.
(The fix and report are valuable in general, thanks for doing that.)
--
With Best Regards,
Andy Shevchenko