On Fri, 2024-05-03 at 15:48 +0800, David Yang wrote: > strscpy() takes the total size of destination buffer as the argument, > including the space for the terminating null character. > > The actual length of the buffer should be len(str) + 1, which can be > seen from the indexes where null characters are written in the code > before the commit in question, and 'sizeof(buf) - 1' right above > the problematic codes. > > Without the additional 1 size and the absence of checkes against - > E2BIG, strscpy() will angrily eat the last character of the source > string. In my situation, strscpy() will take away one character > before the comma "," (which is presumably the right bracket ")") in > parse_parts(), making parse_subpart() unable to 'strchr(++partdef, > ')')' and producing the following error message: > > cmdline partition format is invalid. This is the same problem we brought up with the strscpy conversions in scsi: https://lore.kernel.org/all/784db8a20a3ddeb6c0498f2b31719e5198da6581.camel@xxxxxxxxxxxxxxxxxxxxx/ strscpy doesn't correctly replace a function of strncpy we used to get a zero termination for a possibly unterminated string with a destination that's one byte larger than the source. The current proposed fix is this one: https://lore.kernel.org/all/20240410021833.work.750-kees@xxxxxxxxxx/ James
