Hi Joe, On Mon, Aug 02, 2021 at 11:57:40AM -0700, Joe Perches wrote: > On Mon, 2021-08-02 at 09:13 -0700, Kees Cook wrote: > > I'm wondering, instead, if we could convert strcpy() into this instead > > of adding another API? I.e. convert all the places that warn (if this > > were strcpy), and then land the conversion. > > Perhaps not as strcpy is a builtin. > > It might be easier as a cocci script. Something like: > > @@ > char [] dest; > constant char [] src; > @@ > > * strcpy(dest, src) > > There are some additional test that needs to be added so that > only length(src) > length(dest) is reported. > Thanks for the ideas. I will think on this. Regards, Len
