Bug 9565 - Truncated names on neofb
Summary: Truncated names on neofb
Status: REJECTED WILL_NOT_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: Video(Other) (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: drivers_video-other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-14 14:47 UTC by Marcio Buss
Modified: 2009-03-24 04:11 UTC (History)
0 users

See Also:
Kernel Version: 2.6.23
Subsystem:
Regression: ---
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marcio Buss 2007-12-14 14:47:33 UTC 
On file drivers/video/neofb.c it seems there are multiple buffer overrrun
errors involving "info->fix.id" For example, on line 2103 the statement

sprintf(info->fix.id, "MagicGraph 256XL+");

writes 18 bytes (including the terminator character) into info->fix.id,
yet fix.id is only 16 bytes long. Is there any catch here, or the programmer
did overlook the lenght of "id"?
Comment 1 Andrew Morton 2007-12-21 15:47:06 UTC 
I queued neofb-avoid-overwriting-fb_info-fields.patch to address this.
Comment 2 Pete Zaitcev 2008-02-05 16:46:51 UTC 
It is a correct patch w.r.to the overflow, but it produces truncated
names. I would rather see one which renames "MagicGraph 128V+" into
"MagicGr 128V+". An in any case snprintf is clearly an overkill where
strlcpy would do.
Comment 3 Alan 2008-09-22 10:45:28 UTC 
Changing title to reflect current bug
Note You need to log in before you can comment on or make changes to this bug.