strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated. The safe
replacement is strscpy().
This is a previous step in the path to remove the strlcpy() function
entirely from the kernel [1].
[1] https://github.com/KSPP/linux/issues/89
Signed-off-by: Len Baker <[email protected]>
---
drivers/i2c/busses/i2c-sun6i-p2wi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-sun6i-p2wi.c b/drivers/i2c/busses/i2c-sun6i-p2wi.c
index 2f6f6468214d..9e3483f507ff 100644
--- a/drivers/i2c/busses/i2c-sun6i-p2wi.c
+++ b/drivers/i2c/busses/i2c-sun6i-p2wi.c
@@ -234,7 +234,7 @@ static int p2wi_probe(struct platform_device *pdev)
if (IS_ERR(p2wi->regs))
return PTR_ERR(p2wi->regs);
- strlcpy(p2wi->adapter.name, pdev->name, sizeof(p2wi->adapter.name));
+ strscpy(p2wi->adapter.name, pdev->name, sizeof(p2wi->adapter.name));
irq = platform_get_irq(pdev, 0);
if (irq < 0)
return irq;
--
2.25.1
On Tue, Aug 17, 2021 at 06:58:59PM +0200, Len Baker wrote:
> strlcpy() reads the entire source buffer first. This read may exceed the
> destination size limit. This is both inefficient and can lead to linear
> read overflows if a source string is not NUL-terminated. The safe
> replacement is strscpy().
>
> This is a previous step in the path to remove the strlcpy() function
> entirely from the kernel [1].
>
> [1] https://github.com/KSPP/linux/issues/89
>
> Signed-off-by: Len Baker <[email protected]>
Applied to for-next, thanks!