[Linux-kernel-mentees] [PATCH] checkpatch: add a new check for strcpy/strlcpy uses
Dwaipayan Ray
dwaipayanray1 at gmail.com
Tue Jan 5 08:19:30 UTC 2021
On Tue, Jan 5, 2021 at 1:32 PM Lukas Bulwahn <lukas.bulwahn at gmail.com> wrote:
>
> On Mon, Jan 4, 2021 at 2:25 PM Dwaipayan Ray <dwaipayanray1 at gmail.com> wrote:
> >
> > strcpy() performs no bounds checking on the destination buffer.
> > This could result in linear overflows beyond the end of the buffer.
> >
> > strlcpy() reads the entire source buffer first. This read
> > may exceed the destination size limit. This can be both inefficient
> > and lead to linear read overflows.
> >
> > The safe replacement to both of these is to use strscpy() instead.
> > Add a new checkpatch warning which alerts the user on finding usage of
> > strcpy() or strlcpy().
> >
> > Signed-off-by: Dwaipayan Ray <dwaipayanray1 at gmail.com>
> > ---
>
> I remember Joe has already created a patch for that over Christmas
> break; check lkml before sending this.
>
> Other than that, looks good.
>
> Lukas
Yes I found it:
https://lore.kernel.org/lkml/22b393d1790bb268769d0bab7bacf0866dcb0c14.camel@perches.com/
He has converted the uses in code. But I don't think he has created
the checkpatch rule yet. I will try sending it out to him.
Thank you,
Dwaipayan.
More information about the Linux-kernel-mentees
mailing list