Add strncmp() to Documentation/process/deprecated.rst since using strncmp() to check whether a string starts with a prefix is error-prone. The safe replacement is str_has_prefix(). Also add check to the newly introduced deprecated_string_apis in checkpatch.pl. This patch depends on patch: "Documentation/checkpatch: Prefer stracpy/strscpy over strcpy/strlcpy/strncpy." Signed-off-by: Chuhong Yuan <hslester96@xxxxxxxxx> --- Documentation/process/deprecated.rst | 8 ++++++++ scripts/checkpatch.pl | 1 + 2 files changed, 9 insertions(+) diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst index 56280e108d5a..22d3f0dbcf61 100644 --- a/Documentation/process/deprecated.rst +++ b/Documentation/process/deprecated.rst @@ -109,6 +109,14 @@ the given limit of bytes to copy. This is inefficient and can lead to linear read overflows if a source string is not NUL-terminated. The safe replacement is stracpy() or strscpy(). +strncmp() +--------- +:c:func:`strncmp` is often used to test if a string starts with a prefix +by strncmp(str, prefix, length of prefix). This is error-prone because +length of prefix can have counting error if using a constant length, or use +sizeof(prefix) without - 1. Also, if the prefix is a pointer, sizeof(prefix) +leads to a wrong size. The safe replacement is str_has_prefix(). + Variable Length Arrays (VLAs) ----------------------------- Using stack VLAs produces much worse machine code than statically diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 0ae9ae01d855..38e82d2ac286 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -609,6 +609,7 @@ our %deprecated_string_apis = ( "strcpy" => "stracpy or strscpy", "strlcpy" => "stracpy or strscpy", "strncpy" => "stracpy or strscpy - for non-NUL-terminated uses, strncpy dest should be __nonstring", + "strncmp" => "str_has_prefix", ); #Create a search pattern for all these strings apis to speed up a loop below -- 2.20.1
