From: Geert Uytterhoeven > Sent: 26 July 2021 09:03 > > Hi Len, > > On Sun, Jul 25, 2021 at 5:15 PM Len Baker <len.baker@xxxxxxx> wrote: > > strcpy() performs no bounds checking on the destination buffer. This > > could result in linear overflows beyond the end of the buffer, leading > > to all kinds of misbehaviors. The safe replacement is strscpy(). > > > > Signed-off-by: Len Baker <len.baker@xxxxxxx> > > Thanks for your patch! > > > --- > > This is a task of the KSPP [1] > > > > [1] https://github.com/KSPP/linux/issues/88 > > Any chance the almost one year old question in that ticket can be > answered? > > > drivers/soc/renesas/rcar-sysc.c | 6 ++++-- > > Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx> > > But please see my comments below... > > > --- a/drivers/soc/renesas/r8a779a0-sysc.c > > +++ b/drivers/soc/renesas/r8a779a0-sysc.c > > @@ -404,19 +404,21 @@ static int __init r8a779a0_sysc_pd_init(void) > > for (i = 0; i < info->num_areas; i++) { > > const struct r8a779a0_sysc_area *area = &info->areas[i]; > > struct r8a779a0_sysc_pd *pd; > > + size_t area_name_size; > > I wouldn't mind a shorter name, like "n". > > > > > if (!area->name) { > > /* Skip NULLified area */ > > continue; > > } > > > > - pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL); > > + area_name_size = strlen(area->name) + 1; > > + pd = kzalloc(sizeof(*pd) + area_name_size, GFP_KERNEL); > > if (!pd) { > > error = -ENOMEM; > > goto out_put; > > } > > > > - strcpy(pd->name, area->name); > > + strscpy(pd->name, area->name, area_name_size); You can just use memcpy(). David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
