hdmitx: fix KASAN Bug in store_valid_mode [1/1]
PD#172926: hdmitx: fix KASAN Bug in store_valid_mode ================================================================== BUG: KASAN: slab-out-of-bounds in store_valid_mode+0x48/0x70 Read of size 32 at addr ffffffc04a64ef80 by task systemcontrol/2924 CPU: 1 PID: 2924 Comm: systemcontrol Tainted: G O 4.9.113 #7 Hardware name: Amlogic (DT) Call trace: [<ffffff900908ecc0>] dump_backtrace+0x0/0x368 [<ffffff900908f0cc>] show_stack+0x24/0x30 [<ffffff900963bdb0>] dump_stack+0xa0/0xc8 [<ffffff90092ba140>] print_address_description+0x68/0x258 [<ffffff90092ba694>] kasan_report+0x264/0x338 [<ffffff90092b8fdc>] check_memory_region+0x12c/0x1c0 [<ffffff90092b90c4>] __asan_loadN+0x14/0x20 [<ffffff9009c0c250>] store_valid_mode+0x48/0x70 [<ffffff9009757104>] dev_attr_store+0x4c/0x68 [<ffffff90093973b0>] sysfs_kf_write+0x98/0xb8 [<ffffff9009396134>] kernfs_fop_write+0x12c/0x270 [<ffffff90092c9870>] __vfs_write+0xd8/0x268 [<ffffff90092cae30>] vfs_write+0xd8/0x240 [<ffffff90092ccd74>] SyS_write+0xc4/0x148 [<ffffff9009083f00>] el0_svc_naked+0x34/0x38 Allocated by task 2924: save_stack_trace_tsk+0x0/0x268 save_stack_trace+0x24/0x30 kasan_kmalloc+0xd8/0x188 __kmalloc+0x14c/0x2e8 kernfs_fop_write+0x1d0/0x270 __vfs_write+0xd8/0x268 vfs_write+0xd8/0x240 SyS_write+0xc4/0x148 el0_svc_naked+0x34/0x38 Freed by task 2746: save_stack_trace_tsk+0x0/0x268 save_stack_trace+0x24/0x30 kasan_slab_free+0x88/0x188 kfree+0x80/0x280 selinux_cred_free+0x34/0x50 security_cred_free+0x48/0x70 put_cred_rcu+0x38/0x110 rcu_process_callbacks+0x3b4/0x950 __do_softirq+0x210/0x5ec The buggy address belongs to the object at ffffffc04a64ef80 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffffffc04a64ef80, ffffffc04a64efc0) The buggy address belongs to the page: page:ffffffbf01299380 count:1 mapcount:0 mapping: (null) index:0x0 flags: 0x7ab1600000080(slab) page dumped because: kasan: bad access detected Memory state around the buggy address: 
ffffffc04a64ee80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffffffc04a64ef00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffffffc04a64ef80: 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffffc04a64f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc04a64f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Change-Id: I553bd648453385788899fadf0da9f17817891db2 Signed-off-by: Zongdong Jiao <zongdong.jiao@amlogic.com>
@@ -2231,7 +2231,7 @@ static ssize_t store_valid_mode(struct device *dev,
|
||||
struct device_attribute *attr, const char *buf, size_t count)
|
||||
{
|
||||
memset(cvalid_mode, 0, sizeof(cvalid_mode));
|
||||
memcpy(cvalid_mode, buf, sizeof(cvalid_mode));
|
||||
strncpy(cvalid_mode, buf, sizeof(cvalid_mode));
|
||||
cvalid_mode[31] = '\0';
|
||||
return count;
|
||||
}
|
||||
|
||||
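Review bot: The terminator after the new `strncpy` is still written at the literal index 31, so the copy bound and the terminator only agree while `cvalid_mode` stays 32 bytes; its declaration is outside the hunk, and the size is inferred from the KASAN "Read of size 32". Tying both to the array with `cvalid_mode[sizeof(cvalid_mode) - 1] = '\0';`, or replacing the pair with `strscpy(cvalid_mode, buf, sizeof(cvalid_mode));`, keeps them in step. The over-read is closed only because `strncpy` stops at the first NUL, which relies on the sysfs write path NUL-terminating `buf`; a short comment such as `/* buf is NUL-terminated by sysfs; never read sizeof(cvalid_mode) bytes from it */` would record that assumption. Input of 32 bytes or more is still silently truncated and reported as fully consumed by `return count;`, so if a truncated mode string is not meaningful to the driver, `if (count >= sizeof(cvalid_mode)) return -EINVAL;` before the copy would reject it.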