Re: [PATCH] tools/power/cpupower: Replace strcpy/strcat with snprintf in powercap.c

Next message: Pasha Tatashin: "Re: [PATCH v2] kexec: allow KEXEC_HANDOVER to build with COMPILE_TEST"
Previous message: Koichiro Den: "Re: [PATCH v4 6/9] PCI: dwc: ep: Report integrated eDMA resources via EPC remote-resource API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Shuah Khan

Date: Sat Feb 07 2026 - 11:04:32 EST

On 1/31/26 09:42, Sumeet Pawnikar wrote:

Replace all unsafe strcpy() and strcat() calls with snprintf() in
powercap.c to prevent potential buffer overflow vulnerabilities.
The snprintf() function performs automatic bounds checking to ensure
the destination buffer is not overflowed.

Why snprintf() - why not use strncpy() and strncat()

No functional change.

Why isn't this a functional change? You are changing the code to use
a different system call? How did you test this patch?

thanks,
-- Shuah