On Mon, 2021-08-02 at 09:13 -0700, Kees Cook wrote: > I'm wondering, instead, if we could convert strcpy() into this instead > of adding another API? I.e. convert all the places that warn (if this > were strcpy), and then land the conversion. Perhaps not as strcpy is a builtin. It might be easier as a cocci script. Something like: @@ char [] dest; constant char [] src; @@ * strcpy(dest, src) There are some additional test that needs to be added so that only length(src) > length(dest) is reported.
