On Wed, 17 May 2023 14:35:09 +0000, Azeem Shaikh wrote: > strlcpy() reads the entire source buffer first. > This read may exceed the destination size limit. > This is both inefficient and can lead to linear read > overflows if a source string is not NUL-terminated [1]. > In an effort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [...] Applied to for-next/hardening, thanks! [1/1] scsi: qedi: Replace all non-returning strlcpy with strscpy https://git.kernel.org/kees/c/66f7f4013aa9 -- Kees Cook