Re: [PATCH] Fix possible strscpy() buffer overflows
From: Andrei Purdea
Date: Mon May 11 2026 - 02:48:02 EST
Hi all,

Furthermore, the one in versalnet_edac.c looks like, beyond fixing a
buffer overflow risk and code smell, it also introduces a behavior
change (bugfix?), because the old code, I believe, cuts off the last
character from the copied string. (Because it was using just strlen()
and not using strlen() + 1.)

So I think the effects of this behavioral change should be documented
in the commit message. (I.e. where did the incorrect string end up
being visible, and could there be side effects from fixing this? e.g.
Could some userspace scripts/applications start breaking that were
expecting the incorrect shorter string? Etc...)

Andrei.

On Mon, May 11, 2026 at 4:30 AM Geraldo Nascimento
<geraldogabriel@xxxxxxxxx> wrote:
>
> Hi David,
>
> On Sun, May 10, 2026 at 11:08:53PM +0100, David Laight wrote:
> > On Sun, 10 May 2026 20:24:41 +0200
> > "Alexander A. Klimov" <grandmaster@xxxxxxxxxxxx> wrote:
> >
> > > In the changed files, strings were copied like this:
> > >
> > > strscpy(DST, SRC, strlen(SRC));
> > >
> > > A buffer overflow would happen if strlen(SRC) > sizeof(DST).
> > > Actually, strscpy() must be used this way:
> > >
> > > strscpy(DST, SRC, sizeof(DST));
> > > strscpy(DST, SRC); // defaults to sizeof(DST)
> >
> > Nak.
> >
> > This is test code and deliberately doing things 'wrong'.
> >
> > -- David
>
> while the change to fortify.c is what you described, the other two look
> like good catches to me.
>
> Thanks,
> Geraldo Nascimento
> >
> > >
> > > Signed-off-by: Alexander A. Klimov <grandmaster@xxxxxxxxxxxx>
> > > ---
> > > drivers/edac/versalnet_edac.c | 3 +--
> > > drivers/misc/lkdtm/fortify.c | 6 +-----
> > > sound/soc/codecs/fs210x.c | 2 +-
> > > 3 files changed, 3 insertions(+), 8 deletions(-)
>
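
The two effects discussed in this thread, as an added example that is not part of the original messages or the patch: a simplified userspace model of strscpy() showing that a bound of strlen(SRC) drops the last character and, for a source longer than the destination, lets the write run past it. The names model_strscpy, bytes_written and would_overflow are hypothetical, and the sample strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of strscpy(): write at most count bytes, always
 * NUL-terminate, return the copied length or -E2BIG on truncation. */
static long model_strscpy(char *dst, const char *src, size_t count)
{
    size_t len = strlen(src);
    if (count == 0)
        return -E2BIG;
    if (len >= count) {             /* source does not fit in count bytes */
        memcpy(dst, src, count - 1);
        dst[count - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Bytes a call writes into dst, terminating NUL included. */
static size_t bytes_written(const char *src, size_t count)
{
    size_t len = strlen(src);
    if (count == 0)
        return 0;
    return len >= count ? count : len + 1;
}

/* 1 if the chosen bound lets the copy run past a dst of dst_size bytes. */
static int would_overflow(const char *src, size_t count, size_t dst_size)
{
    return bytes_written(src, count) > dst_size;
}

int main(void)
{
    const char *name = "versalnet";               /* constructed sample */
    const char *longer = "0123456789abcdefghij";  /* constructed, 20 chars */
    char dst[16];
    long ret;
    ret = model_strscpy(dst, name, strlen(name)); /* pattern from the thread */
    printf("bound strlen(src): \"%s\" ret=%ld\n", dst, ret);
    ret = model_strscpy(dst, name, sizeof(dst));  /* bound from the buffer */
    printf("bound sizeof(dst): \"%s\" ret=%ld\n", dst, ret);
    printf("strlen bound, dst[8]: %d\n", would_overflow(longer, strlen(longer), 8));
    printf("sizeof bound, dst[8]: %d\n", would_overflow(longer, 8, 8));
    return 0;
}
```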