On Wed, 10 May 2023 21:11:46 +0000, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [...] Applied to for-next/hardening, thanks! [1/1] vboxsf: Replace all non-returning strlcpy with strscpy https://git.kernel.org/kees/c/883f8fe87686 -- Kees Cook