strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). Direct replacement is safe here since return value of -errno is used to check for truncation instead of sizeof(dest). [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89 Signed-off-by: Azeem Shaikh <azeemshaikh38@xxxxxxxxx> --- arch/m68k/emu/natfeat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/m68k/emu/natfeat.c b/arch/m68k/emu/natfeat.c index b19dc00026d9..d124c62022c2 100644 --- a/arch/m68k/emu/natfeat.c +++ b/arch/m68k/emu/natfeat.c @@ -42,10 +42,10 @@ long nf_get_id(const char *feature_name) { /* feature_name may be in vmalloc()ed memory, so make a copy */ char name_copy[32]; - size_t n; + ssize_t n; - n = strlcpy(name_copy, feature_name, sizeof(name_copy)); - if (n >= sizeof(name_copy)) + n = strscpy(name_copy, feature_name, sizeof(name_copy)); + if (n < 0) return 0; return nf_get_id_phys(virt_to_phys(name_copy)); -- 2.42.0.283.g2d96d420d3-goog
