Re: [PATCH 03/35] fbdev: sisfb: Use safer strscpy() instead of strcpy()

Next message: Tarang Raval: "Re: [PATCH v2 00/15] media: i2c: os05b10: Refactor driver and Add new features"
Previous message: Qunqin Zhao: "Re: [PATCH v2] mfd: loongson-se: Add multi-node support"
In reply to: Ai Chao: "Re: Re: [PATCH 03/35] fbdev: sisfb: Use safer strscpy() instead of strcpy()"
Next in thread: David Laight: "Re: [PATCH 03/35] fbdev: sisfb: Use safer strscpy() instead of strcpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Helge Deller

Date: Mon Apr 27 2026 - 05:24:52 EST

On 4/27/26 11:09, Ai Chao wrote:

Hello David and Helge
...

- strcpy(ivideo->myid, "SiS 730");
+ strscpy(ivideo->myid, "SiS 730");

The compiler knows at build time the length of myid, and the "SIS 730" string.
Using strscpy() has no benefit here either. Contrary, the code generated
because of using strscpy() is probably even larger.
Don't replace such code with strscpy().

Both should get converted to a memcpy().

If you increase the literal to be too long I'm pretty sure you'll
get a compiler warning/error from strcpy().
OTOH strscpy() is more likely to truncate the string (I'd need to
check).

So leaving it as strcpy() is fine - and possibly even better.
The header files might get changed to error strcpy() unless the compiler
knows the source string has a constant length and the destination is
big enough - but that hasn't been done yet.

struct sis_video_info {
char myid[40];
}
I have rewritten the code:
strcpy(ivideo->myid, "SiS 730-0123456789abcdefghijklmnopqrstuvwxyz0123456789");
Used gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04.3)
There was no compiler warning or error.
The strcpy copies the entire string into myid(causing a buffer overflow),

Sure it would
But the compiler issued a warning that the string is too big..
So, such places will be detected at compile time.

Helge