staging/fbtft: Remove all strcpy() uses

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy() but in
this case it is simpler to use the "%*ph" format specifier.

Moreover, with the "0x%02X " in the sprintf followed by the strcat, the
msg buffer (now removed) can print 128/5 values (25 hex values). So, the
"%*ph" replacement won't cut output earlier than requested since this
format specifier can print up to 64 bytes.
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210801085155.3170-2-len.baker@gmx.comSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/staging/fbtft/fbtft-core.c

@@ -992,8 +992,6 @@ static int fbtft_init_display_from_property(struct fbtft_par *par)
 int fbtft_init_display(struct fbtft_par *par)
 {
 	int buf[64];
-	char msg[128];
-	char str[16];
 	int i = 0;
 	int j;
 
@@ -1036,17 +1034,14 @@ int fbtft_init_display(struct fbtft_par *par)
 		switch (par->init_sequence[i]) {
 		case -1:
 			i++;
+
 			/* make debug message */
-			strcpy(msg, "");
-			j = i + 1;
-			while (par->init_sequence[j] >= 0) {
-				sprintf(str, "0x%02X ", par->init_sequence[j]);
-				strcat(msg, str);
-				j++;
-			}
+			for (j = 0; par->init_sequence[i + 1 + j] >= 0; j++);
+
 			fbtft_par_dbg(DEBUG_INIT_DISPLAY, par,
-				      "init: write(0x%02X) %s\n",
-				      par->init_sequence[i], msg);
+				      "init: write(0x%02X) %*ph\n",
+				      par->init_sequence[i], j,
+				      &par->init_sequence[i + 1]);
 
 			/* Write */
 			j = 0;