Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
From: Simon Horman
Date: Wed Feb 25 2026 - 04:43:43 EST
On Tue, Feb 24, 2026 at 08:22:42AM +0100, tomasz.unger@xxxxxxxx wrote:
> From: Tomasz Unger <tomasz.unger@xxxxxxxx>
>
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.
>
> Compilation testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make drivers/nfc/pn544/i2c.o: compiled successfully
>
> Signed-off-by: Tomasz Unger <tomasz.unger@xxxxxxxx>
I am wondering if this is more of a cleanup, or more of a bug fix.
IOW, can an overflow actually occur?
Assuming that firmware_name is derived from user input I would suspect
that this is a bug fix. In which case it should be targeted at net.
Subject: [PATCH net] ...
And have a Fixes tag denoting the commit that introduced the problem.
It should go immediately above your Signed-off-by line; no blank line in
between.
Otherwise it would be best to explicitly target this patch at
the net-next tree:
Subject: [PATCH net-next] ...
AI generated review flagged that this looks like a bug fix.
> ---
> drivers/nfc/pn544/i2c.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
> index a0dfb3f98d5a..7261e12aa6b5 100644
> --- a/drivers/nfc/pn544/i2c.c
> +++ b/drivers/nfc/pn544/i2c.c
> @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
>
> pr_info("Starting Firmware Download (%s)\n", firmware_name);
>
> - strcpy(phy->firmware_name, firmware_name);
> + strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
phy->firmware_name is an array.
So you can use the two-argument variant of strscpy() here.
>
> phy->hw_variant = hw_variant;
> phy->fw_work_state = FW_WORK_STATE_START;
--
pw-bot: changes-requested