On Sun, Jul 03, 2022 at 03:22:18PM +0100, Aaron Tomlin wrote: > On Tue 2022-06-28 08:47 +0100, Aaron Tomlin wrote: > > On Tue 2022-06-28 05:54 +0000, Christophe Leroy wrote: > > > > - /* Store the name of the last unloaded module for diagnostic purposes */ > > > > strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module)); > > > > + strcat(last_unloaded_module, module_flags(mod, buf, false)); > > > > > > You replace a bounded string copy by an unbounded strict contat. > > > > > > Should you use strlcat() instead ? > > > > Hi Christophe, > > > > Why? If I understand correctly, both the destination and source string are > > NULL-terminated (see module_flags()). So, strcat() should be sufficient. > > Hi Luis, > > Any thoughts on this? As far as I can tell, the destination string cannot > be overwritten; albeit, I can use the safer option if you prefer. Yeah I don't like this as-is, it makes it not so easy to follow, I'll reply in my review of your patch now. Luis
