From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CFB7C433DB for ; Tue, 5 Jan 2021 08:45:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1AE2622525 for ; Tue, 5 Jan 2021 08:45:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727635AbhAEIpH (ORCPT ); Tue, 5 Jan 2021 03:45:07 -0500 Received: from smtprelay0041.hostedemail.com ([216.40.44.41]:56742 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726202AbhAEIpG (ORCPT ); Tue, 5 Jan 2021 03:45:06 -0500 Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay06.hostedemail.com (Postfix) with ESMTP id BDF781801B771; Tue, 5 Jan 2021 08:44:25 +0000 (UTC) X-Session-Marker: 6A6F6540706572636865732E636F6D X-HE-Tag: print05_0a1526c274d7 X-Filterd-Recvd-Size: 1900 Received: from [192.168.1.159] (unknown [47.151.137.21]) (Authenticated sender: joe@perches.com) by omf05.hostedemail.com (Postfix) with ESMTPA; Tue, 5 Jan 2021 08:44:24 +0000 (UTC) Message-ID: <50cc861121b62b3c1518222f24f679c3f72b868d.camel@perches.com> Subject: Re: [PATCH] checkpatch: add a new check for strcpy/strlcpy uses From: Joe Perches To: Dwaipayan Ray Cc: linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org Date: Tue, 05 Jan 2021 00:44:23 -0800 In-Reply-To: <20210105082303.15310-1-dwaipayanray1@gmail.com> References: <20210105082303.15310-1-dwaipayanray1@gmail.com> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.38.1-1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2021-01-05 at 13:53 +0530, Dwaipayan Ray wrote: > strcpy() performs no bounds checking on the destination buffer. > This could result in linear overflows beyond the end of the buffer. > > strlcpy() reads the entire source buffer first. This read > may exceed the destination size limit. This can be both inefficient > and lead to linear read overflows. > > The safe replacement to both of these is to use strscpy() instead. > Add a new checkpatch warning which alerts the user on finding usage of > strcpy() or strlcpy(). I do not believe that strscpy is preferred over strcpy. When the size of the output buffer is known to be larger than the input, strcpy is faster. There are about 2k uses of strcpy. Is there a use where strcpy use actually matters? I don't know offhand... But I believe compilers do not optimize away the uses of strscpy to a simple memcpy like they do for strcpy with a const from strcpy(foo, "bar"); And lastly there is a existing strlcpy test in checkpatch. commit 5dbdb2d87c29 ("checkpatch: prefer strscpy to strlcpy")