On Tue, 2019-08-20 at 16:28 -0700, Linus Torvalds wrote: > On Mon, Aug 19, 2019 at 5:08 PM Joe Perches <joe@xxxxxxxxxxx> wrote: > > 2: would be Julia Lawall's stracpy change done > > with coccinelle: (attached) > > I'm not actually convinced about stracpy() and friends. > > It seems to be yet another badly thought out string interface, and > there are now so many of them that no human being can keep track of > them. > > The "badly thought out" part is that it (like the original strlcpy > garbage from BSD) thinks that there is only one size that matters - > the destination. > > Yes, we fixed part of the "source is also limited" with strscpy(). It > didn't fix the problem with different size limits, but at least it > fixed the fundamentally broken assumption that the source has no size > limit at all. > > Honestly, I really really REALLY don't want yet another broken string > handling function, when we still have a lot of the old strlcpy() stuff > in the tree from previous broken garbage. > > The fact is, when you copy strings, both the destination *AND* the > source may have size limits. They may be the same. Or they may not be. > > This is particularly noticeable in the "str*_pad()" versions. It's > simply absolutely and purely wrong. I will note that we currently have > not a single user or strscpy_pad() in the whole kernel outside of the > testing code. > > And yes, we actually *do* have real and present cases of "source and > destination have different sizes". They aren't common, but they do > exist. > > So I'm putting my foot down on yet another broken string copy > interface from people who do not understand this fundamental issue. I think you are mistaken about the stracpy limits as the only limit is not the source size but the dest. Why should the source be size limited? btw: I also think str.cpy_pad is horrible.
