Re: [PATCH] tools/power/acpi: Replace strcpy/strcat with snprintf in osunixdir.c
From: Rafael J. Wysocki
Date: Fri Feb 13 2026 - 08:31:15 EST
On Sun, Feb 1, 2026 at 7:17 PM Sumeet Pawnikar <sumeet4linux@xxxxxxxxx> wrote:
>
> Replace unsafe strcpy() and strcat() calls with snprintf() in
> osunixdir.c to prevent potential buffer overflow vulnerabilities
> when constructing file paths.
>
> The snprintf() function performs automatic bounds checking to ensure
> the destination buffer is not overflowed.
>
> No functional change.
>
> Signed-off-by: Sumeet Pawnikar <sumeet4linux@xxxxxxxxx>
The ACPI tools come from ACPICA, so if you want to make changes to
them, you need to do that in upstream ACPICA.
Refer to Documentation/driver-api/acpi/linuxized-acpica.rst for more
information.
Thanks!
> ---
> .../power/acpi/os_specific/service_layers/osunixdir.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/tools/power/acpi/os_specific/service_layers/osunixdir.c b/tools/power/acpi/os_specific/service_layers/osunixdir.c
> index b9bb83116549..5dc960c6b376 100644
> --- a/tools/power/acpi/os_specific/service_layers/osunixdir.c
> +++ b/tools/power/acpi/os_specific/service_layers/osunixdir.c
> @@ -113,9 +113,8 @@ char *acpi_os_get_next_filename(void *dir_handle)
> return (NULL);
> }
>
> - strcpy(temp_str, external_info->dir_pathname);
> - strcat(temp_str, "/");
> - strcat(temp_str, dir_entry->d_name);
> + snprintf(temp_str, str_len, "%s/%s",
> + external_info->dir_pathname, dir_entry->d_name);
>
> err = stat(temp_str, &temp_stat);
> if (err == -1) {
> @@ -137,8 +136,9 @@ char *acpi_os_get_next_filename(void *dir_handle)
>
> /* copy to a temp buffer because dir_entry struct is on the stack */
>
> - strcpy(external_info->temp_buffer,
> - dir_entry->d_name);
> + snprintf(external_info->temp_buffer,
> + sizeof(external_info->temp_buffer),
> + "%s", dir_entry->d_name);
> return (external_info->temp_buffer);
> }
> }
> --
> 2.43.0
>
>