[Linux-kernel-mentees] [PATCH] checkpatch: add a new check for strcpy/strlcpy uses
lukas.bulwahn at gmail.com
Tue Jan 5 08:58:33 UTC 2021
On Tue, Jan 5, 2021 at 9:19 AM Dwaipayan Ray <dwaipayanray1 at gmail.com> wrote:
> On Tue, Jan 5, 2021 at 1:32 PM Lukas Bulwahn <lukas.bulwahn at gmail.com> wrote:
> > On Mon, Jan 4, 2021 at 2:25 PM Dwaipayan Ray <dwaipayanray1 at gmail.com> wrote:
> > >
> > > strcpy() performs no bounds checking on the destination buffer.
> > > This could result in linear overflows beyond the end of the buffer.
> > >
> > > strlcpy() reads the entire source buffer first. This read
> > > may exceed the destination size limit. This can be both inefficient
> > > and lead to linear read overflows.
> > >
> > > The safe replacement to both of these is to use strscpy() instead.
> > > Add a new checkpatch warning which alerts the user on finding usage of
> > > strcpy() or strlcpy().
> > >
> > > Signed-off-by: Dwaipayan Ray <dwaipayanray1 at gmail.com>
> > > ---
> > I remember Joe has already created a patch for that over Christmas
> > break; check lkml before sending this.
> > Other than that, looks good.
> > Lukas
> Yes I found it:
> He has converted the uses in code. But I don't think he has created
> the checkpatch rule yet. I will try sending it out to him.
Joe pointed you already to the commit. So I think your change is obsolete.
And I fully agree with Joe. strcpy is perfectly fine, when it is clear
from the use that boundaries do not need to be checked.
More information about the Linux-kernel-mentees