On Tue 2022-06-28 08:47 +0100, Aaron Tomlin wrote: > On Tue 2022-06-28 05:54 +0000, Christophe Leroy wrote: > > > - /* Store the name of the last unloaded module for diagnostic purposes */ > > > strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module)); > > > + strcat(last_unloaded_module, module_flags(mod, buf, false)); > > > > You replace a bounded string copy by an unbounded strict contat. > > > > Should you use strlcat() instead ? > > Hi Christophe, > > Why? If I understand correctly, both the destination and source string are > NULL-terminated (see module_flags()). So, strcat() should be sufficient. Hi Luis, Any thoughts on this? As far as I can tell, the destination string cannot be overwritten; albeit, I can use the safer option if you prefer. Kind regards, -- Aaron Tomlin
