[Linux-kernel-mentees] [PATCH] checkpatch: add a new check for strcpy/strlcpy uses

Lukas Bulwahn lukas.bulwahn at gmail.com
Tue Jan 5 08:58:33 UTC 2021


On Tue, Jan 5, 2021 at 9:19 AM Dwaipayan Ray <dwaipayanray1 at gmail.com> wrote:
>
> On Tue, Jan 5, 2021 at 1:32 PM Lukas Bulwahn <lukas.bulwahn at gmail.com> wrote:
> >
> > On Mon, Jan 4, 2021 at 2:25 PM Dwaipayan Ray <dwaipayanray1 at gmail.com> wrote:
> > >
> > > strcpy() performs no bounds checking on the destination buffer.
> > > This could result in linear overflows beyond the end of the buffer.
> > >
> > > strlcpy() reads the entire source buffer first. This read
> > > may exceed the destination size limit. This can be both inefficient
> > > and lead to linear read overflows.
> > >
> > > The safe replacement to both of these is to use strscpy() instead.
> > > Add a new checkpatch warning which alerts the user on finding usage of
> > > strcpy() or strlcpy().
> > >
> > > Signed-off-by: Dwaipayan Ray <dwaipayanray1 at gmail.com>
> > > ---
> >
> > I remember Joe has already created a patch for that over Christmas
> > break; check lkml before sending this.
> >
> > Other than that, looks good.
> >
> > Lukas
>
> Yes I found it:
> https://lore.kernel.org/lkml/22b393d1790bb268769d0bab7bacf0866dcb0c14.camel@perches.com/
>
> He has converted the uses in code. But I don't think he has created
> the checkpatch rule yet. I will try sending it out to him.
>

Joe pointed you already to the commit. So I think your change is obsolete.

And I fully agree with Joe. strcpy is perfectly fine, when it is clear
from the use that boundaries do not need to be checked.


Lukas


More information about the Linux-kernel-mentees mailing list