From: Artem Lytkin
To: Sudip Mukherjee, Teddy Wang, Greg Kroah-Hartman
Cc: linux-fbdev@vger.kernel.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, Artem Lytkin
Subject: [PATCH v2 1/4] staging: sm750fb: add bounds checking to option parsing in lynxfb_setup()
Date: Wed, 4 Feb 2026 10:15:33 +0000
Message-ID: <20260204101536.3311-1-iprintercanon@gmail.com>

Replace strcat() with memcpy() and add explicit bounds checking on the
remaining buffer space before each copy. The original code lacked any
validation that the write position stays within the allocated buffer.

Signed-off-by: Artem Lytkin
---
 drivers/staging/sm750fb/sm750.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c
index fecd7457e..0eacb522d 100644
--- a/drivers/staging/sm750fb/sm750.c
+++ b/drivers/staging/sm750fb/sm750.c
@@ -1163,8 +1163,15 @@ static int __init lynxfb_setup(char *options) } else if (!strncmp(opt, "dual", strlen("dual"))) { g_dualview = 1; } else { - strcat(tmp, opt); - tmp += strlen(opt); + size_t opt_len = strlen(opt); + size_t remaining = len - (tmp - g_settings); + + if (opt_len + 1 >= remaining) { + pr_warn("option string too long\n"); + break; + } + memcpy(tmp, opt, opt_len); + tmp += opt_len; if (options) *tmp++ = ':'; else -- 2.43.0
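
Review bot: On the new early-exit path (`if (opt_len + 1 >= remaining) { ... break; }`) nothing in the hunk terminates the string at `tmp`, and because `memcpy()`, unlike the removed `strcat()`, never writes a NUL, `g_settings` is only terminated if the buffer was zeroed at allocation, which is not visible in these lines. On that path the string can also be left ending in the ':' written by the previous iteration. Suggest writing `*tmp = '\0';` before the `break`, or stating in the commit message that the buffer is zero-initialised and that the code relies on it. The `break` also leaves the enclosing loop, so any options that follow the oversized one, including flags such as "dual" that need no buffer space, are silently dropped; if the intent is to reject only the oversized option, `continue` fits better. The `pr_warn()` text would be more useful if it named the rejected option, and a one-line comment on what the `+ 1` and the `>=` reserve (separator plus terminator) would make the bound easier to check. The type of `len` is not shown here; if it is signed, `len - (tmp - g_settings)` mixes signed and unsigned arithmetic before landing in a `size_t`, which deserves a second look.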