diff options
| author | Timur Tabi <timur@freescale.com> | 2011-09-15 16:44:54 -0500 |
|---|---|---|
| committer | Florian Tobias Schandinat <FlorianSchandinat@gmx.de> | 2011-09-18 20:08:57 +0000 |
| commit | ec02dd23dc423cf019f660a63ac9c9d54840a473 (patch) | |
| tree | 746c6f1e2284eebdad5d759983c3351b076045e9 /drivers/video/fsl-diu-fb.c | |
| parent | f8c6bf6ae677663adbf91b882755e3f757fb1669 (diff) | |
drivers/video: fsl-diu-fb: fix potential memcpy buffer overflow bug
It makes no sense to limit the size of a strncpy() to the length of
the source string.
Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Diffstat (limited to 'drivers/video/fsl-diu-fb.c')
| -rw-r--r-- | drivers/video/fsl-diu-fb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/video/fsl-diu-fb.c b/drivers/video/fsl-diu-fb.c index 19bfbf5bb980..3776949d6183 100644 --- a/drivers/video/fsl-diu-fb.c +++ b/drivers/video/fsl-diu-fb.c @@ -655,7 +655,7 @@ static void set_fix(struct fb_info *info) struct fb_var_screeninfo *var = &info->var; struct mfb_info *mfbi = info->par; - strncpy(fix->id, mfbi->id, strlen(mfbi->id)); + strncpy(fix->id, mfbi->id, sizeof(fix->id)); fix->line_length = var->xres_virtual * var->bits_per_pixel / 8; fix->type = FB_TYPE_PACKED_PIXELS; fix->accel = FB_ACCEL_NONE; |