Hi Len, On Sun, Jul 25, 2021 at 5:15 PM Len Baker <len.baker@xxxxxxx> wrote: > strcpy() performs no bounds checking on the destination buffer. This > could result in linear overflows beyond the end of the buffer, leading > to all kinds of misbehaviors. The safe replacement is strscpy(). > > Signed-off-by: Len Baker <len.baker@xxxxxxx> Thanks for your patch! > --- > This is a task of the KSPP [1] > > [1] https://github.com/KSPP/linux/issues/88 Any chance the almost one year old question in that ticket can be answered? > drivers/soc/renesas/rcar-sysc.c | 6 ++++-- Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx> But please see my comments below... > --- a/drivers/soc/renesas/r8a779a0-sysc.c > +++ b/drivers/soc/renesas/r8a779a0-sysc.c > @@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void) > for (i = 0; i < info->num_areas; i++) { > const struct r8a779a0_sysc_area *area = &info->areas[i]; > struct r8a779a0_sysc_pd *pd; > + size_t area_name_size; I wouldn't mind a shorter name, like "n". > > if (!area->name) { > /* Skip NULLified area */ > continue; > } > > - pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL); > + area_name_size = strlen(area->name) + 1; > + pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL); > if (!pd) { > error = -ENOMEM; > goto out_put; > } > > - strcpy(pd->name, area->name); > + strscpy(pd->name, area->name, area_name_size); > pd->genpd.name = pd->name; > pd->pdr = area->pdr; > pd->flags = area->flags; > diff --git a/drivers/soc/renesas/rcar-sysc.c b/drivers/soc/renesas/rcar-sysc.c > index 53387a72ca00..0eae5ce0eeb0 100644 > --- a/drivers/soc/renesas/rcar-sysc.c > +++ b/drivers/soc/renesas/rcar-sysc.c > @@ -396,19 +396,21 @@ static int __init rcar_sysc_pd_init(void) > for (i = 0; i < info->num_areas; i++) { > const struct rcar_sysc_area *area = &info->areas[i]; > struct rcar_sysc_pd *pd; > + size_t area_name_size; Likewise. > > if (!area->name) { > /* Skip NULLified area */ > continue; > } > > - pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL); > + area_name_size = strlen(area->name) + 1; > + pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL); > if (!pd) { > error = -ENOMEM; > goto out_put; > } > > - strcpy(pd->name, area->name); > + strscpy(pd->name, area->name, area_name_size); > pd->genpd.name = pd->name; > pd->ch.chan_offs = area->chan_offs; > pd->ch.chan_bit = area->chan_bit; Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
