Re: [PATCH] tracing: Replace deprecated strncpy() with memcpy() for stack_trace_filter_buf
From: Steven Rostedt
Date: Fri Apr 04 2025 - 09:38:09 EST
On Fri, 4 Apr 2025 08:54:33 -0400
Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote:
> >>> - if ((len = str_has_prefix(str, "_filter=")))
> >>> - strncpy(stack_trace_filter_buf, str + len, COMMAND_LINE_SIZE);
> >>> + len = str_has_prefix(str, "_filter=");
> >>> +
> >>> + if (len)
> >>> + memcpy(stack_trace_filter_buf, str + len, sizeof(stack_trace_filter_buf));
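Review bot: the memcpy() on the last added line always reads sizeof(stack_trace_filter_buf) bytes starting at str + len, however short the "_filter=" argument is, so it reads past the end of str whenever the string after the prefix is shorter than the buffer. The removed strncpy() stopped at the source '\0'. Please use strscpy(stack_trace_filter_buf, str + len, sizeof(stack_trace_filter_buf)) here, which stops at the source terminator and always NUL-terminates the destination.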
> >>
> >> Hmm, this location looks like it can just use strscpy().
> >
> > Yes strscpy() also works. But since stack_trace_filter_buf is length
> > bounded, shouldn't memcpy be the right choice?
>
> It's not only about the destination, but also about the source length.
Correct.
>
> AFAIU, turning a strncpy into a memcpy here will overflow reading the
> input @str if the input string is smaller than
> sizeof(stack_trace_filter_buf) + len.
The old code just read str + len and what was after it until it hit a '\0'
or the COMMAND_LINE_SIZE limit.
memcpy() always reads COMMAND_LINE_SIZE (which is sizeof(stack_trace_filter_buf))
and will read more of the source "str" than may exist. Which, as Mathieu
pointed out, is a bug.
-- Steve
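
The difference discussed in this thread, as an added userland example (not code from the patch or from the kernel): the three copy styles are run over a short source string that has unrelated bytes after its terminator. BUF_SIZE, arena, strscpy_sketch(), stray_bytes() and copy_and_count() are assumptions made for the illustration; strscpy_sketch() only models the kernel helper's semantics.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* assumption: small stand-in for COMMAND_LINE_SIZE */
/* Constructed input: the option ends at the first '\0'; the bytes after it
 * stand in for whatever memory follows the real string. */
static const char arena[32] = "_filter=foo\0NEIGHBOUR-DATA-XYZ";

/* Sketch of strscpy() semantics (hypothetical userland helper): stop at the
 * source NUL, always terminate, return -1 on truncation (kernel: -E2BIG). */
static long strscpy_sketch(char *dst, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -1;
	for (i = 0; i < size - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] == '\0' ? (long)i : -1;
}

/* Count non-zero bytes that ended up in dst after its first '\0'. */
static size_t stray_bytes(const char *dst, size_t size)
{
	const char *nul = memchr(dst, '\0', size);
	size_t n = 0, i = nul ? (size_t)(nul - dst) : size;

	for (; i < size; i++)
		n += dst[i] != '\0';
	return n;
}

/* mode 0: memcpy as in the patch, 1: the old strncpy, 2: strscpy sketch. */
static size_t copy_and_count(int mode)
{
	char dst[BUF_SIZE] = { 0 };

	if (mode == 0)      /* copies 16 bytes and ignores the source NUL */
		memcpy(dst, arena + 8, sizeof(dst));
	else if (mode == 1) /* stops at the source NUL, zero-pads the rest */
		strncpy(dst, arena + 8, sizeof(dst));
	else                /* stops at the source NUL, always terminates */
		strscpy_sketch(dst, arena + 8, sizeof(dst));
	return stray_bytes(dst, sizeof(dst));
}

int main(void)
{
	printf("stray bytes: memcpy=%zu strncpy=%zu strscpy=%zu\n",
	       copy_and_count(0), copy_and_count(1), copy_and_count(2));
	return 0;
}
```

Here the backing array is large enough that the memcpy() read stays in bounds; with a real boot parameter there is no such guarantee, which is the over-read described above.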