Re: [PATCH v3] staging: android: Replace strcpy with strlcpy

From: Greg KH
Date: Sun Mar 12 2017 - 09:35:48 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH] staging: lustre: replace simple_strtoul with kstrtoint"
Previous message: Greg KH: "Linux 4.10.2"
In reply to: simran singhal: "[PATCH v3] staging: android: Replace strcpy with strlcpy"
Next in thread: SIMRAN SINGHAL: "Re: [PATCH v3] staging: android: Replace strcpy with strlcpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 12, 2017 at 03:32:44AM +0530, simran singhal wrote:
> Replace strcpy with strlcpy as strcpy does not check for buffer
> overflow.

Can there be a buffer overflow here? If not, then strcpy is just fine
to use. Do you see a potential code path here that actually is a
problem using this?

> This is found using Flawfinder.

You mean 'grep'? :)

If not, what exactly does "Flawfinder" point out is wrong with the code
here? At first glance, I can't find it, but perhaps the tool, and your
audit, provided more information?

thanks,

greg k-h

Next message: Greg Kroah-Hartman: "Re: [PATCH] staging: lustre: replace simple_strtoul with kstrtoint"
Previous message: Greg KH: "Linux 4.10.2"
In reply to: simran singhal: "[PATCH v3] staging: android: Replace strcpy with strlcpy"
Next in thread: SIMRAN SINGHAL: "Re: [PATCH v3] staging: android: Replace strcpy with strlcpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]