Re: [PATCH] staging/fbtft: Remove all strcpy() uses

From: Geert Uytterhoeven
Date: Mon Jul 19 2021 - 03:54:13 EST


On Sun, Jul 18, 2021 at 9:43 PM Andy Shevchenko
<andy.shevchenko@xxxxxxxxx> wrote:
> On Sun, Jul 18, 2021 at 4:43 PM Len Baker <len.baker@xxxxxxx> wrote:
> > strcpy() performs no bounds checking on the destination buffer. This
> > could result in linear overflows beyond the end of the buffer, leading
> > to all kinds of misbehaviors. The safe replacement is strscpy() but in
> > this case it is simpler to add NULL to the first position since we want

"NULL" is a pointer value, "NUL" is the character with value zero.

> > to empty the string.
>
> > This is a previous step in the path to remove the strcpy() function.
>
> Any document behind this (something to read on the site(s) more or
> less affiliated with what is going to happen in the kernel) to read
> background?
>
> ...
>
> > case -1:
> > i++;
> > /* make debug message */
> > - strcpy(msg, "");

While this strcpy() is provably safe at compile-time, and will probably
be replaced by an assignment to zero by the compiler...

> > + msg[0] = 0;
>
> Strictly speaking it should be '\0'.
>
> > j = i + 1;
> > while (par->init_sequence[j] >= 0) {
> > sprintf(str, "0x%02X ", par->init_sequence[j]);

... the real danger is the

strcat(msg, str);

on the next line.
Fortunately this whole debug printing block (including the strcpy)
can (and should) be rewritten to just use "%*ph".

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds