Re: [PATCH] Fix possible strscpy() buffer overflows

Next message: Michal Hocko: "Re: [PATCH v6 0/3] mm/page_owner: add filter infrastructure for print_mode and NUMA filtering"
Previous message: Rob Clark: "[PATCH v5 02/16] drm/msm: Allow CAP_PERFMON for setting SYSPROF"
In reply to: Andrei Purdea: "Re: [PATCH] Fix possible strscpy() buffer overflows"
Next in thread: Andrei Purdea: "Re: [PATCH] Fix possible strscpy() buffer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Borislav Petkov

Date: Mon May 11 2026 - 09:02:46 EST

On Mon, May 11, 2026 at 11:59:34AM +0000, Andrei Purdea wrote:
> No, the current code copies "error_ip" with null termination, and it
> drops the "c" suffix.

Pfff, that wasn't really clear to me from the explanation of strscpy...

> And that seems buggy. And that's what I requested to explain the effects of.

Shubhrajyoti, does that have any visible effects when using the driver?

> strscpy_pad(chinfo.name, amd_rpmsg_id_table[0].name);

No, as said "[h]owever, just to make this safer, we should min the size".

IOW:

strscpy_pad(chinfo.name,
amd_rpmsg_id_table[0].name,
min_t(size_t, strlen(amd_rpmsg_id_table[0].name) + 1, RPMSG_NAME_SIZE));

In case someone goes and changes that amd_rpmsg_id_table[0].name in the
future.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette