[PATCH] drm/amd/display: Fix overflow/truncation from strncpy.

Harry Wentland harry.wentland at amd.com
Fri Jul 20 15:20:38 UTC 2018 

On 2018-07-20 10:17 AM, Nicholas Kazlauskas wrote:
> [Why]
> 
> New GCC warnings for stringop-truncation and stringop-overflow help
> catch common misuse of strncpy. This patch suppresses these warnings
> by fixing bugs identified by them.
> 
> [How]
> 
> Since the parameter passed for name in amdpgu_dm_create_common_mode has
> no fixed length, if the string is >= DRM_DISPLAY_MODE_LEN then
> mode->name will not be null-terminated.
> 
> The truncation in fill_audio_info won't actually occur (and the string
> will be null-terminated since the buffer is initialized to zero), but
> the warning can be suppressed by using the proper buffer size.
> 
> This patch fixes both issues by using the real size for the buffer and
> making use of strscpy (which always terminates).
> 
> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas at amd.com>

Reviewed-by: Harry Wentland <harry.wentland at amd.com>

Please merge to amd-staging-drm-next and back-merge to the internal tree.

Harry

> ---
>  drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> index 8e3ebd988043..72d32dfa9f7f 100644
> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
> @@ -2331,9 +2331,9 @@ static void fill_audio_info(struct audio_info *audio_info,
>  
>  	cea_revision = drm_connector->display_info.cea_rev;
>  
> -	strncpy(audio_info->display_name,
> +	strscpy(audio_info->display_name,
>  		edid_caps->display_name,
> -		AUDIO_INFO_DISPLAY_NAME_SIZE_IN_CHARS - 1);
> +		AUDIO_INFO_DISPLAY_NAME_SIZE_IN_CHARS);
>  
>  	if (cea_revision >= 3) {
>  		audio_info->mode_count = edid_caps->audio_mode_count;
> @@ -3449,7 +3449,7 @@ amdgpu_dm_create_common_mode(struct drm_encoder *encoder,
>  	mode->hdisplay = hdisplay;
>  	mode->vdisplay = vdisplay;
>  	mode->type &= ~DRM_MODE_TYPE_PREFERRED;
> -	strncpy(mode->name, name, DRM_DISPLAY_MODE_LEN);
> +	strscpy(mode->name, name, DRM_DISPLAY_MODE_LEN);
>  
>  	return mode;
>  
>

More information about the amd-gfx mailing list