From: Andi Shyti Date: Wed, 7 Dec 2016 07:52:25 +0000 (+0900) Subject: input: ist3xx: replace misused strncat with s(n)printf X-Git-Tag: accepted/tizen/mobile/20161226.131349^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F65%2F103665%2F3;p=profile%2Fmobile%2Fplatform%2Fkernel%2Flinux-3.10-sc7730.git input: ist3xx: replace misused strncat with s(n)printf strncat is used improperly exposing the driver to a buffer overflow risk. Use s(n)printf instead. An implicit result of this patch is some code simplification. Change-Id: I7dfb61addf015362fed1a4ebd595ac533a012a48 Signed-off-by: Andi Shyti --- diff --git a/drivers/input/touchscreen/imagis_30xxc/ist30xxc_sec.c b/drivers/input/touchscreen/imagis_30xxc/ist30xxc_sec.c index 9f21fd1..1ff3e40 100644 --- a/drivers/input/touchscreen/imagis_30xxc/ist30xxc_sec.c +++ b/drivers/input/touchscreen/imagis_30xxc/ist30xxc_sec.c @@ -139,11 +139,8 @@ int ist30xx_get_key_sensitivity(struct ist30xx_data *data, int id) /* Factory CMD function */ static void set_default_result(struct sec_factory *sec) { - char delim = ':'; - memset(sec->cmd_result, 0, sec->cmd_result_length); - memcpy(sec->cmd_result, sec->cmd, strlen(sec->cmd)); - strncat(sec->cmd_result, &delim, CMD_STATE_RUNNING); + snprintf(sec->cmd_result, sec->cmd_result_length, "%s:", sec->cmd); } static void set_cmd_result(struct sec_factory *sec, char *buf, int len) @@ -1766,7 +1763,7 @@ static ssize_t show_cmd_list(struct device *dev, struct device_attribute while(strncmp(tsp_cmds[ii].cmd_name, "not_support_cmd", 16) != 0) { snprintf(temp, COMMAND_LENGTH, "%s\n", tsp_cmds[ii].cmd_name); - strncat(buffer, temp, COMMAND_LENGTH); + strlcat(buffer, temp, sizeof(buffer)); ii++; } diff --git a/drivers/input/touchscreen/imagis_30xxc/ist30xxc_update.c b/drivers/input/touchscreen/imagis_30xxc/ist30xxc_update.c index 1e020fe..0235596 100644 --- a/drivers/input/touchscreen/imagis_30xxc/ist30xxc_update.c +++ b/drivers/input/touchscreen/imagis_30xxc/ist30xxc_update.c @@ -1528,7 +1528,6 @@ ssize_t ist30xx_fw_version_show(struct device *dev, #if IST30XX_INTERNAL_BIN { - char msg[128]; const struct firmware *firmware = NULL; struct ist30xx_fw *fw = &data->fw; int ret; @@ -1545,15 +1544,13 @@ ssize_t ist30xx_fw_version_show(struct device *dev, } ret = ist30xx_get_update_info(data, data->fw.buf, data->fw.buf_size); - if (ret == 0) { - count += snprintf(msg, sizeof(msg), - " Header - main: %x, fw: %x, test: %x, core: %x\n", + if (ret == 0) + count += sprintf(buf + count, + "Header - main: %x, fw: %x, test: %x, core: %x\n", ist30xx_parse_ver(data, FLAG_MAIN, data->fw.buf), ist30xx_parse_ver(data, FLAG_FW, data->fw.buf), ist30xx_parse_ver(data, FLAG_TEST, data->fw.buf), ist30xx_parse_ver(data, FLAG_CORE, data->fw.buf)); - strncat(buf, msg, sizeof(msg)); - } if (data->dt_data->fw_bin && firmware) { release_firmware(firmware); diff --git a/drivers/input/touchscreen/ist30xx/ist30xx_sec.c b/drivers/input/touchscreen/ist30xx/ist30xx_sec.c index d18c3b4..de6e49b 100644 --- a/drivers/input/touchscreen/ist30xx/ist30xx_sec.c +++ b/drivers/input/touchscreen/ist30xx/ist30xx_sec.c @@ -123,11 +123,8 @@ int ist30xxb_get_key_sensitivity(struct ist30xx_data *data, int id) /* Factory CMD function */ static void set_default_result(struct sec_factory *sec) { - char delim = ':'; - memset(sec->cmd_result, 0, ARRAY_SIZE(sec->cmd_result)); - memcpy(sec->cmd_result, sec->cmd, strlen(sec->cmd)); - strncat(sec->cmd_result, &delim, CMD_STATE_RUNNING); + snprintf(sec->cmd_result, SEC_CMD_RESULT_STR_LEN, "%s:", sec->cmd); } static void set_cmd_result(struct sec_factory *sec, char *buf, int len) diff --git a/drivers/input/touchscreen/ist30xx/ist30xx_update.c b/drivers/input/touchscreen/ist30xx/ist30xx_update.c index 1737906..9e49d53 100644 --- a/drivers/input/touchscreen/ist30xx/ist30xx_update.c +++ b/drivers/input/touchscreen/ist30xx/ist30xx_update.c @@ -1388,18 +1388,13 @@ ssize_t ist30xx_fw_version(struct device *dev, struct device_attribute *attr, ts_data->fw.param_ver, ts_data->fw.sub_ver); #if IST30XX_INTERNAL_BIN - { - char msg[128]; + ist30xx_get_update_info(ts_data, ts_data->fw.buf, ts_data->fw.buf_size); - ist30xx_get_update_info(ts_data, ts_data->fw.buf, ts_data->fw.buf_size); - - count += snprintf(msg, sizeof(msg), - " Header - f/w ver: %x, param: %x, sub: %x\r\n", - ist30xx_parse_ver(FLAG_FW, ts_data->fw.buf), - ist30xx_parse_ver(FLAG_PARAM, ts_data->fw.buf), - ist30xx_parse_ver(FLAG_SUB, ts_data->fw.buf)); - strncat(buf, msg, sizeof(msg)); - } + count += sprintf(buf + count, + "Header - f/w ver: %x, param: %x, sub: %x\r\n", + ist30xx_parse_ver(FLAG_FW, ts_data->fw.buf), + ist30xx_parse_ver(FLAG_PARAM, ts_data->fw.buf), + ist30xx_parse_ver(FLAG_SUB, ts_data->fw.buf)); #endif return count; diff --git a/drivers/input/touchscreen/ist30xxa/ist30xx_sec.c b/drivers/input/touchscreen/ist30xxa/ist30xx_sec.c index e8fae49..e1c7547 100644 --- a/drivers/input/touchscreen/ist30xxa/ist30xx_sec.c +++ b/drivers/input/touchscreen/ist30xxa/ist30xx_sec.c @@ -124,11 +124,8 @@ int ist30xxb_get_key_sensitivity(struct ist30xx_data *data, int id) /* Factory CMD function */ static void set_default_result(struct sec_factory *sec) { - char delim = ':'; - memset(sec->cmd_result, 0, ARRAY_SIZE(sec->cmd_result)); - memcpy(sec->cmd_result, sec->cmd, strlen(sec->cmd)); - strncat(sec->cmd_result, &delim, CMD_STATE_RUNNING); + snprintf(sec->cmd_result, SEC_CMD_RESULT_STR_LEN, "%s:", sec->cmd); } static void set_cmd_result(struct sec_factory *sec, char *buf, int len) diff --git a/drivers/input/touchscreen/ist30xxa/ist30xx_update.c b/drivers/input/touchscreen/ist30xxa/ist30xx_update.c index ec36fb3..f753cba 100644 --- a/drivers/input/touchscreen/ist30xxa/ist30xx_update.c +++ b/drivers/input/touchscreen/ist30xxa/ist30xx_update.c @@ -1290,18 +1290,13 @@ ssize_t ist30xx_fw_version_show(struct device *dev, ts_data->fw.param_ver, ts_data->fw.sub_ver); #if IST30XX_INTERNAL_BIN - { - char msg[128]; + ist30xx_get_update_info(ts_data, ts_data->fw.buf, ts_data->fw.buf_size); - ist30xx_get_update_info(ts_data, ts_data->fw.buf, ts_data->fw.buf_size); - - count += snprintf(msg, sizeof(msg), - " Header - f/w ver: %x, param: %x, sub: %x\r\n", - ist30xx_parse_ver(FLAG_FW, ts_data->fw.buf), - ist30xx_parse_ver(FLAG_PARAM, ts_data->fw.buf), - ist30xx_parse_ver(FLAG_SUB, ts_data->fw.buf)); - strncat(buf, msg, sizeof(msg)); - } + count += sprintf(buf + count, + "Header - f/w ver: %x, param: %x, sub: %x\r\n", + ist30xx_parse_ver(FLAG_FW, ts_data->fw.buf), + ist30xx_parse_ver(FLAG_PARAM, ts_data->fw.buf), + ist30xx_parse_ver(FLAG_SUB, ts_data->fw.buf)); #endif return count; diff --git a/drivers/input/touchscreen/ist30xxb/ist30xxb_sec.c b/drivers/input/touchscreen/ist30xxb/ist30xxb_sec.c index d8ee815..f0b4c66 100755 --- a/drivers/input/touchscreen/ist30xxb/ist30xxb_sec.c +++ b/drivers/input/touchscreen/ist30xxb/ist30xxb_sec.c @@ -113,11 +113,8 @@ int ist30xxb_get_key_sensitivity(struct ist30xx_data *data, int id) /* Factory CMD function */ static void set_default_result(struct sec_factory *sec) { - char delim = ':'; - memset(sec->cmd_result, 0, ARRAY_SIZE(sec->cmd_result)); - memcpy(sec->cmd_result, sec->cmd, strlen(sec->cmd)); - strncat(sec->cmd_result, &delim, CMD_STATE_RUNNING); + snprintf(sec->cmd_result, SEC_CMD_RESULT_STR_LEN, "%s:", sec->cmd); } static void set_cmd_result(struct sec_factory *sec, char *buf, int len) diff --git a/drivers/input/touchscreen/ist30xxb/ist30xxb_update.c b/drivers/input/touchscreen/ist30xxb/ist30xxb_update.c index 40b1f6d..b14805e 100644 --- a/drivers/input/touchscreen/ist30xxb/ist30xxb_update.c +++ b/drivers/input/touchscreen/ist30xxb/ist30xxb_update.c @@ -1305,17 +1305,12 @@ ssize_t ist30xx_fw_version(struct device *dev, struct device_attribute *attr, ts_data->chip_id, ts_data->fw.core_ver, ts_data->fw.param_ver); #if IST30XX_INTERNAL_BIN - { - char msg[128]; + ist30xx_get_update_info(ts_data, ts_data->fw.buf, ts_data->fw.buf_size); - ist30xx_get_update_info(ts_data, ts_data->fw.buf, ts_data->fw.buf_size); - - count += snprintf(msg, sizeof(msg), - " Header - f/w ver: 0x%x, param ver: 0x%x\r\n", - ist30xx_parse_ver(FLAG_FW, ts_data->fw.buf), - ist30xx_parse_ver(FLAG_PARAM, ts_data->fw.buf)); - strncat(buf, msg, sizeof(msg)); - } + count += snprintf(buf + count, + "Header - f/w ver: 0x%x, param ver: 0x%x\r\n", + ist30xx_parse_ver(FLAG_FW, ts_data->fw.buf), + ist30xx_parse_ver(FLAG_PARAM, ts_data->fw.buf)); #endif return count; diff --git a/drivers/input/touchscreen/ist30xxc/ist30xxc_sec.c b/drivers/input/touchscreen/ist30xxc/ist30xxc_sec.c index c9b8253..48d27fe 100644 --- a/drivers/input/touchscreen/ist30xxc/ist30xxc_sec.c +++ b/drivers/input/touchscreen/ist30xxc/ist30xxc_sec.c @@ -120,11 +120,8 @@ int ist30xx_get_key_sensitivity(struct ist30xx_data *data, int id) /* Factory CMD function */ static void set_default_result(struct sec_factory *sec) { - char delim = ':'; - memset(sec->cmd_result, 0, ARRAY_SIZE(sec->cmd_result)); - memcpy(sec->cmd_result, sec->cmd, strlen(sec->cmd)); - strncat(sec->cmd_result, &delim, CMD_STATE_RUNNING); + snprintf(sec->cmd_result, SEC_CMD_RESULT_STR_LEN, "%s:", sec->cmd); } static void set_cmd_result(struct sec_factory *sec, char *buf, int len) diff --git a/drivers/input/touchscreen/ist30xxc/ist30xxc_update.c b/drivers/input/touchscreen/ist30xxc/ist30xxc_update.c index 15eb35c..fe6086a 100755 --- a/drivers/input/touchscreen/ist30xxc/ist30xxc_update.c +++ b/drivers/input/touchscreen/ist30xxc/ist30xxc_update.c @@ -1413,19 +1413,13 @@ ssize_t ist30xx_fw_version_show(struct device *dev, data->fw.cur.test_ver, data->fw.cur.core_ver); #if IST30XX_INTERNAL_BIN - { - char msg[128]; - - ist30xx_get_update_info(data, data->fw.buf, data->fw.buf_size); - - count += snprintf(msg, sizeof(msg), - " Header - main: %x, fw: %x, test: %x, core: %x\n", - ist30xx_parse_ver(data, FLAG_MAIN, data->fw.buf), - ist30xx_parse_ver(data, FLAG_FW, data->fw.buf), - ist30xx_parse_ver(data, FLAG_TEST, data->fw.buf), - ist30xx_parse_ver(data, FLAG_CORE, data->fw.buf)); - strncat(buf, msg, sizeof(msg)); - } + ist30xx_get_update_info(data, data->fw.buf, data->fw.buf_size); + count += sprintf(buf + count, + "Header - main: %x, fw: %x, test: %x, core: %x\n", + ist30xx_parse_ver(data, FLAG_MAIN, data->fw.buf), + ist30xx_parse_ver(data, FLAG_FW, data->fw.buf), + ist30xx_parse_ver(data, FLAG_TEST, data->fw.buf), + ist30xx_parse_ver(data, FLAG_CORE, data->fw.buf)); #endif return count;