2019-08-02 09:13:08

by Chuhong Yuan

Subject: [PATCH] Documentation/checkpatch: Prefer str_has_prefix over strncmp

Add strncmp() to Documentation/process/deprecated.rst since
using strncmp() to check whether a string starts with a
prefix is error-prone.
The safe replacement is str_has_prefix().

Also add check to the newly introduced deprecated_string_apis
in checkpatch.pl.

This patch depends on patch:
"Documentation/checkpatch: Prefer stracpy/strscpy over
strcpy/strlcpy/strncpy."

Signed-off-by: Chuhong Yuan <[email protected]>
---
Documentation/process/deprecated.rst | 8 ++++++++
scripts/checkpatch.pl | 1 +
2 files changed, 9 insertions(+)

diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
index 56280e108d5a..22d3f0dbcf61 100644
--- a/Documentation/process/deprecated.rst
+++ b/Documentation/process/deprecated.rst
@@ -109,6 +109,14 @@ the given limit of bytes to copy. This is inefficient and can lead to
linear read overflows if a source string is not NUL-terminated. The
safe replacement is stracpy() or strscpy().

+strncmp()
+---------
+:c:func:`strncmp` is often used to test if a string starts with a prefix
+by strncmp(str, prefix, length of prefix). This is error-prone because
+length of prefix can have counting error if using a constant length, or use
+sizeof(prefix) without - 1. Also, if the prefix is a pointer, sizeof(prefix)
+leads to a wrong size. The safe replacement is str_has_prefix().
+
Variable Length Arrays (VLAs)
-----------------------------
Using stack VLAs produces much worse machine code than statically
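
Review bot: the new section heading "strncmp()" and its closing sentence "The safe replacement is str_has_prefix()" read as deprecating every strncmp() call, while the body only argues against the prefix-test idiom strncmp(str, prefix, length of prefix). Narrow the heading to that idiom and state that other bounded comparisons are not affected. The clause "or use sizeof(prefix) without - 1" is also hard to parse; say directly that sizeof on a string literal counts the trailing NUL, so the comparison no longer tests a prefix.
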
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 0ae9ae01d855..38e82d2ac286 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -609,6 +609,7 @@ our %deprecated_string_apis = (
"strcpy" => "stracpy or strscpy",
"strlcpy" => "stracpy or strscpy",
"strncpy" => "stracpy or strscpy - for non-NUL-terminated uses, strncpy dest should be __nonstring",
+ "strncmp" => "str_has_prefix",
);

#Create a search pattern for all these strings apis to speed up a loop below
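
Review bot: the added entry "strncmp" => "str_has_prefix" carries no qualifier, so every strncmp() call matched through %deprecated_string_apis is reported with str_has_prefix as the replacement, including bounded comparisons that are not prefix tests and for which it is not a substitute. Either qualify the message the way the strncpy entry above does ("- for non-NUL-terminated uses, ..."), for example "str_has_prefix - for prefix tests", or restrict the check to calls whose length argument is derived from the second argument.
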
--
2.20.1
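
The three strncmp() prefix-test mistakes the patch text describes, shown next to a userspace stand-in for str_has_prefix(); this is an added example, not code from the patch or the kernel tree. The option strings are constructed, and the stand-in assumes the helper returns the prefix length on a match and 0 otherwise.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the kernel helper (assumption: it returns the
 * prefix length when str starts with prefix, and 0 otherwise). */
static size_t str_has_prefix(const char *str, const char *prefix)
{
	size_t len = strlen(prefix);

	return strncmp(str, prefix, len) == 0 ? len : 0;
}

/* Counting error: "enable=" is 7 bytes, the constant says 6, so the '='
 * is never compared and "enableX" passes. */
static int buggy_miscount(const char *s)
{
	return strncmp(s, "enable=", 6) == 0;
}

/* sizeof without - 1: the NUL is compared too, so only the exact string
 * "enable=" matches and every "enable=<value>" is rejected. */
static int buggy_sizeof_nul(const char *s)
{
	return strncmp(s, "enable=", sizeof("enable=")) == 0;
}

/* Pointer prefix: sizeof yields the pointer size (4 or 8), so at most 7
 * bytes of a longer prefix are compared. */
static int buggy_sizeof_ptr(const char *s, const char *prefix)
{
	return strncmp(s, prefix, sizeof(prefix) - 1) == 0;
}

int main(void)
{
	const char *opt = "initcall_debug=";	/* constructed sample prefix */

	printf("miscount accepts enableX:      %d\n", buggy_miscount("enableX"));
	printf("sizeof rejects enable=1:       %d\n", !buggy_sizeof_nul("enable=1"));
	printf("ptr accepts initcal_bogus:     %d\n",
	       buggy_sizeof_ptr("initcal_bogus", opt));
	printf("str_has_prefix on the same:    %zu %zu %zu\n",
	       str_has_prefix("enableX", "enable="),
	       str_has_prefix("enable=1", "enable="),
	       str_has_prefix("initcal_bogus", opt));
	return 0;
}
```
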


2019-08-03 13:31:26

by Jonathan Corbet

Subject: Re: [PATCH] Documentation/checkpatch: Prefer str_has_prefix over strncmp

On Fri, 2 Aug 2019 14:25:37 +0800
Chuhong Yuan <[email protected]> wrote:

> Add strncmp() to Documentation/process/deprecated.rst since
> using strncmp() to check whether a string starts with a
> prefix is error-prone.
> The safe replacement is str_has_prefix().

Is that the *only* use of strncmp()?

> Also add check to the newly introduced deprecated_string_apis
> in checkpatch.pl.
>
> This patch depends on patch:
> "Documentation/checkpatch: Prefer stracpy/strscpy over
> strcpy/strlcpy/strncpy."
>
> Signed-off-by: Chuhong Yuan <[email protected]>
> ---
> Documentation/process/deprecated.rst | 8 ++++++++
> scripts/checkpatch.pl | 1 +
> 2 files changed, 9 insertions(+)
>
> diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> index 56280e108d5a..22d3f0dbcf61 100644
> --- a/Documentation/process/deprecated.rst
> +++ b/Documentation/process/deprecated.rst
> @@ -109,6 +109,14 @@ the given limit of bytes to copy. This is inefficient and can lead to
> linear read overflows if a source string is not NUL-terminated. The
> safe replacement is stracpy() or strscpy().
>
> +strncmp()
> +---------
> +:c:func:`strncmp` is often used to test if a string starts with a prefix

Please don't use :c:func: anymore; just say strncmp() and the right things
will happen.

Thanks,

jon

2019-08-03 14:33:25

by Chuhong Yuan

Subject: Re: [PATCH] Documentation/checkpatch: Prefer str_has_prefix over strncmp

On Fri, Aug 2, 2019 at 9:38 PM Jonathan Corbet <[email protected]> wrote:
>
> On Fri, 2 Aug 2019 14:25:37 +0800
> Chuhong Yuan <[email protected]> wrote:
>
> > Add strncmp() to Documentation/process/deprecated.rst since
> > using strncmp() to check whether a string starts with a
> > prefix is error-prone.
> > The safe replacement is str_has_prefix().
>
> Is that the *only* use of strncmp()?

This is not the only use of strncmp().
Maybe add a case description like strncpy() is more precise?
For example, "strncmp() on string prefix".

>
> > Also add check to the newly introduced deprecated_string_apis
> > in checkpatch.pl.
> >
> > This patch depends on patch:
> > "Documentation/checkpatch: Prefer stracpy/strscpy over
> > strcpy/strlcpy/strncpy."
> >
> > Signed-off-by: Chuhong Yuan <[email protected]>
> > ---
> > Documentation/process/deprecated.rst | 8 ++++++++
> > scripts/checkpatch.pl | 1 +
> > 2 files changed, 9 insertions(+)
> >
> > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> > index 56280e108d5a..22d3f0dbcf61 100644
> > --- a/Documentation/process/deprecated.rst
> > +++ b/Documentation/process/deprecated.rst
> > @@ -109,6 +109,14 @@ the given limit of bytes to copy. This is inefficient and can lead to
> > linear read overflows if a source string is not NUL-terminated. The
> > safe replacement is stracpy() or strscpy().
> >
> > +strncmp()
> > +---------
> > +:c:func:`strncmp` is often used to test if a string starts with a prefix
>
> Please don't use :c:func: anymore; just say strncmp() and the right things
> will happen.
>

I will revise this in the next version.

Regards,
Chuhong

> Thanks,
>
> jon