[PATCH 03/35] fbdev: sisfb: Use safer strscpy() instead of strcpy()
Helge Deller
deller at gmx.de
Mon Apr 27 02:17:06 PDT 2026
On 4/27/26 11:09, Ai Chao wrote:
> Hello David and Helge
> ...
>>>> - strcpy(ivideo->myid, "SiS 730");
>>>> + strscpy(ivideo->myid, "SiS 730");
>>>
>>> The compiler knows at build time the length of myid, and the "SIS 730" string.
>>> Using strscpy() has no benefit here either. Contrary, the code generated
>>> because of using strscpy() is probably even larger.
>>> Don't replace such code with strscpy().
>
>> Both should get converted to a memcpy().
>
>> If you increase the literal to be too long I'm pretty sure you'll
>> get a compiler warning/error from strcpy().
>> OTOH strscpy() is more likely to truncate the string (I'd need to
>> check).
>
>> So leaving it as strcpy() is fine - and possibly even better.
>> The header files might get changed to error strcpy() unless the compiler
>> knows the source string has a constant length and the destination is
>> big enough - but that hasn't been done yet.
>
> struct sis_video_info {
> char myid[40];
> }
> I have rewritten the code:
> strcpy(ivideo->myid, "SiS 730-0123456789abcdefghijklmnopqrstuvwxyz0123456789");
> Used gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04.3)
> There was no compiler warning or error.
> The strcpy copies the entire string into myid(causing a buffer overflow),
Sure it would
But the compiler issued a warning that the string is too big..
So, such places will be detected at compile time.
Helge
More information about the linux-arm-kernel
mailing list